System and method for controlling configuration settings for mobile communication devices and services

ABSTRACT

A wireless mobile communication device includes a processing system, a memory device and software. The software is stored on the memory device and executable by the processing system to receive a policy setting, authenticate a sender of the received policy, and automatically apply the policy setting on the communication device based on a successful authentication of the sender.

CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation of U.S. application Ser. No. 11/943,179, filedNov. 20, 2007, which is a continuation of U.S. application Ser. No.10/282,312, filed Oct. 28, 2002, now U.S. Pat. No. 7,317,699, whichclaims priority from U.S. Provisional Application No. 60/330,643, filedOct. 26, 2001, all the above applications hereby incorporated herein byreference.

FIELD OF THE INVENTION

The present invention is directed toward the field of mobilecommunications. In particular, the system and method of the presentinvention provide for control of configuration settings for hand-heldmobile communication devices and communication services. The hand-heldmobile communication devices may be associated with an event-drivenredirection computer program (“redirector program”) operating at a hostsystem, which, upon sensing a particular user-defined event hasoccurred, redirects user-selected data items from the host system to theuser's mobile communication device. The mobile data communication devicemay be coupled to the host system via a wireless network and one or morelandline networks.

BACKGROUND

Known systems and methods for replicating information from a host systemto a user's mobile data communication device are typically“synchronization” systems in which the user's data items are warehoused(or stored) at the host system for an indefinite period of time and thentransmitted in bulk only in response to a user request. In these typesof systems and methods, when replication of the warehoused data items tothe mobile device is desired, the user typically places the mobiledevice in an interface cradle that is electrically connected to the hostsystem via some form of local, dedicated communication, such as a serialcable or an infrared or other type of wireless link. Software executingon the mobile data communication device then transmits commands via thelocal communications link to the host system to cause the host to begintransmitting the user's data items for storage in a memory bank of themobile device. In these synchronization schemes, the mobile unit “pulls”the warehoused information from the host system in a batch each time theuser desires to replicate information between the two devices.Therefore, the two systems (host system and device) only maintain thesame data items after a user-initiated command sequence that causes themobile device to download the data items from the host system.

A general problem with these synchronization systems is that the onlytime that the user data items are replicated between the host system andthe mobile data communication device is when the user commands themobile device to download or pull the user data from the host system. Atsome later time a new message could be sent to the user, but the userwould not receive that message until the next time the user fetches theuser data items. Thus, a user may fail to respond to an emergency updateor message because the user only periodically synchronizes the system,such as once per day. Other problems with these systems include: (1) theamount of data to be reconciled between the host and the mobile devicecan become large if the user does not “synchronize” on a daily or hourlybasis, leading to bandwidth difficulties, particularly when the mobiledevice is communicating via a wireless packet-switched network; and (2)reconciling large amounts of data, as can accrue in these batch-modesynchronization systems, can require a great deal of communicationbetween the host and the mobile device, thus leading to a more complex,costly and energy-inefficient system.

In order to address such disadvantages of pull-based data itemsynchronization systems, the assignee of the instant application hasdeveloped a more automated, continuous, efficient and reliable systemand method of ensuring that user data items are replicated at a user'smobile communication device. User-selected data items or certainportions of the selected data items stored at a host system arecontinuously redirected or “pushed” to a user's mobile datacommunication device upon the occurrence of a user-defined triggeringevent.

In such an automated and continuous redirection system, a user ispreferably able to configure device and redirection settings accordingto personal preferences. When the host system and device are providedfor employee use in a corporate environment and primarily for businesspurposes however, a corporate information technology (IT) department maywish to set certain guidelines for such settings, for example to requirethat a password be established by a user to prevent unauthorized use ofa device or access to information stored on a device, to enable ordisable certain device features, to prevent a user from resettingcertain default settings, to control the types of data items that can beselected for redirection from the host system to a mobile communicationdevice, or to limit the conditions under which data items are redirectedto a mobile communication device. In known systems, these guidelinestend to be established at initial installation of a redirection systemand are difficult to update, modify and enforce. Furthermore, settingsfor mobile communication devices and services can normally be controlledonly by the owners or operators of communication systems in which mobilecommunication devices are adapted to operate, not by a client or serviceprovider.

SUMMARY

According to an aspect of the invention, a method for controlling aconfiguration setting in a mobile data communication device in acommunication system, wherein the communication system includes aredirection system that detects a triggering event in a host system andin response to the triggering event continuously redirects data itemsfrom the host system over a wireless network to the mobile datacommunication device, comprises the steps of providing a deviceconfiguration for the mobile data communication device that controls oneor more functions of the mobile data communication device, receiving apolicy setting for the mobile data communication device at a policygeneration system, generating an update message that corresponds to thepolicy setting, transmitting the update message through the redirectionsystem to the wireless network, receiving the update message at themobile data communication device, and in response to the update message,automatically modifying the device configuration to include the policysetting.

A method for controlling a configuration setting in a group of mobiledata communication devices in a communication system in accordance withanother aspect of the invention, wherein the communication systemincludes a redirection system that detects a triggering event in a hostsystem and in response to the triggering event continuously redirectsdata items from the host system over a wireless network to one or moreof the mobile data communication devices, comprises the steps ofdefining the group of mobile data communication devices, providing adevice configuration for each of the mobile data communication devicesthat controls one or more functions of the mobile data communicationdevice, receiving a policy setting for the group of mobile datacommunication devices at a policy generation system, generating anupdate message that corresponds to the policy setting, transmitting theupdate message through the redirection system to the wireless network,receiving the update message at each mobile data communication device inthe group of mobile data communication devices, and in response to theupdate message, each mobile data communication device in the group ofmobile data communication devices automatically modifying the deviceconfiguration to include the policy setting.

In another embodiment of the invention, a system for controlling aconfiguration setting in a mobile communication device comprises aredirection server that detects a triggering event in a host system andin response to the triggering event continuously redirects data itemsfrom the host system to a wireless network, a mobile data communicationdevice that receives data items from the wireless network and thatincludes a device configuration stored in a memory location on themobile data communication device, wherein the device configurationcontrols one or more functions of the mobile data communication device,and a policy generation system that receives a policy setting from auser interface and stores the policy setting in a user informationrecord, wherein the redirection server detects the policy setting in theuser information record and in response to detecting the policy settingtransmits the policy setting over the wireless network to the mobiledata communication device, and wherein the mobile data communicationdevice automatically modifies the device configuration to include thepolicy setting.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a system diagram showing the redirection of user data itemsfrom a user's desktop PC (host system) to the user's mobile datacommunication device;

FIG. 2 is a system diagram showing the redirection of user data itemsfrom a network server (host system) to the user's mobile datacommunication device;

FIG. 3 is a block diagram showing the interaction of redirector softwarewith other components of the host system in FIG. 1;

FIG. 4 is a flow chart showing the steps carried out by exemplaryredirector software operating at the host system;

FIG. 5 is a flow chart showing an example of steps that may be carriedout by the mobile data communication device to interface with redirectorsoftware as represented in FIG. 4, operating at the host system;

FIG. 6 is a block diagram of an example network server-based redirectionsystem;

FIG. 7 is a block diagram of an exemplary user administration system;

FIG. 8 is a block diagram of another exemplary network server-baseddistributed redirection system;

FIG. 9 is a block diagram of an exemplary agent site;

FIG. 10 is a block diagram showing another example network server-basedredirection system;

FIG. 11 shows another exemplary user administration system;

FIG. 12 is a block diagram of an yet another exemplary networkserver-based distributed redirection system; and

FIG. 13 is a flow chart showing a method of controlling a configurationsetting of a mobile data communication device.

DETAILED DESCRIPTION

A host system is a computer where a redirection system or redirectorsoftware is operating. The host system may be either a user's desktopPC, although, alternatively, the host system could be a network serverconnected to the user's PC via a local-area network (“LAN)”, or could beany other system that is in communication with the user's desktop PC.

Instead of warehousing (or storing) the user's data items at the hostsystem and then “synchronizing” a mobile data communication device todata items stored at the host system when the mobile device requeststhat such items of information be communicated to it, systems in whichthe present invention may be deployed preferably employ a “push”paradigm that continuously packages and retransmits the user-selecteditems of information to the mobile communication device in response to atriggering event detected at the host system. Wireless mobile datacommunications devices, especially those that can return a confirmationsignal to the host that the pushed data has been received are especiallywell suited for this type of push paradigm. Due to the bandwidthlimitations of wireless networks, redirection of only a portion of auser-selected data item may be desirable, with the user given the optionof then retrieving the entire data item (or some other portion of thedata item) from the host system.

A redirection system or redirector software program operating at thehost system enables the user to redirect or mirror certain user-selecteddata items (or parts of data items) from the host system to the user'smobile data communication device upon detecting that one or moreuser-defined triggering events has occurred. Also operating at the hostsystem are various sub-systems that may be configured to createtriggering events, such as a screen saver sub-system or a keyboardsub-system, as well as sub-systems for repackaging the user's data itemsfor transparent delivery to the mobile data device, such as aTransmission Control Protocol/Internet Protocol (“TCP/IP”) sub-system orone or more E-Mail sub-systems. Other sub-systems for creatingtriggering events and repackaging the user's data items could also bepresent at the host system. The host system also includes a primarymemory store where the user's data items are normally stored.

Using the redirector software program, the user can select certain dataitems for redirection, such as E-mail messages, calendar events, meetingnotifications, address entries, journal entries, personal reminders etc.Having selected the data items for redirection, the user can thenconfigure one or more event triggers to be sensed by the redirectorprogram to initiate redirection of the user data items. Theseuser-defined trigger points (or event triggers) include external events,internal events and networked events. Examples of external eventsinclude: receiving a message from the user's mobile data communicationdevice to begin redirection; receiving a similar message from someexternal computer; sensing that the user is no longer in the vicinity ofthe host system; or any other event that is external to the host system.Internal events could be a calendar alarm, screen saver activation,keyboard timeout, programmable timer, or any other user-defined eventthat is internal to the host system. Networked events are user-definedmessages that are transmitted to the host system from another computercoupled to the host system via a network to initiate redirection. Theseare just some of the examples of the types of user-defined events thatcan trigger the redirector program to push data items from the host tothe mobile device. Although it is anticipated that the configurationthat specifies which data items will be redirected and in what form willbe set at the host system, such configuration may be set or modifiedthrough data sent from the mobile communications device. In accordancewith an aspect of the invention, some or all device and redirectionconfiguration settings may also be restricted, updated, or modified, andconfiguration guidelines or policies may be enforced, by a corporate ITdepartment or similar entity, for example.

In addition to the functionality noted above, a redirection system mayprovide a set of possibly software-implemented control functions fordetermining the type of mobile data communication device and itsaddress, for programming a preferred list of message types that are tobe redirected, and for determining whether the mobile device can receiveand process certain types of message attachments, such as word processoror voice attachments. The determination of whether a particular mobiledevice can receive and process attachments is initially configured bythe user of that mobile device at the host system. This configurationcan be altered on a global or per message basis by transmitting acommand message from the mobile device to the host system. If theredirector is configured so that the mobile data device cannot receiveand process word processor or voice attachments, then the redirectorroutes these attachments to an external machine that is compatible withthe particular attachment, such as an attached printer or networked faxmachine or telephone. Other types of attachments could be redirected toother types of external machines in a similar fashion, depending uponthe capabilities of the mobile device. For example, if a user istraveling and receives a message with an attachment that the user'smobile device can process or display, the user may send a commandmessage from a mobile communications device to the host systemindicating that that attachment is to be sent to a fax machine at ahotel where the user will be spending the evening. This enables the userto receive important E-mail attachments as long as the host system isprovided with sufficient information about the destination where theattachment is to be forwarded.

Once an event has triggered redirection of the user data items, the hostsystem may then repackage these items in a manner that is transparent tothe mobile communication device, so that information on the mobiledevice appears similar to information on the user's host system. Onerepackaging method includes wrapping the user data items in an E-mailenvelope that corresponds to the address of the mobile datacommunication device, although, alternatively, other repackaging methodscould be used, such as special-purpose TCP/IP wrapping techniques, orother methods of wrapping the user selected data items. The repackagingpreferably results in E-mail messages generated by the user from themobile device to be transmitted from the host system, thus enabling theuser to appear to have a single E-mail address, such that the recipientsof messages sent from the mobile communications device do not know wherethe user was physically located when the message was first sent. Therepackaging also permits both messages to the mobile device and sentfrom the mobile device to be encrypted and decrypted as well ascompressed and decompressed.

In an alternative system and method, a redirection system is provided ona network server, and the server is programmed to detect numerousredirection event triggers over the network from multiple user desktopcomputers coupled to the server via a LAN. The server can receiveinternal event triggers from each of the user desktops via the network,and can also receive external event triggers, such as messages from theusers' mobile data communication devices. In response to receiving oneof these triggers, the server redirects the user's data items to theproper mobile data communication device. The user data items andaddressing information for a particular mobile device can be stored atthe server or at the user's PC. Using this alternative configuration,one redirector program can serve a plurality of users. This alternativeconfiguration could also include an Internet- or intranet-basedredirector program that could be accessible through a secure webpage orother user interface. The redirector program could be located on anInternet Service Provider's system and accessible only through theInternet.

In another alternative arrangement, a redirector program operates atboth the host system and at the user's mobile data communication device.The user's mobile device then operates similarly to the host systemdescribed below, and is configured in a similar fashion to push certainuser-selected data items from the mobile device to the user's hostsystem (or some other computer) upon detecting an event trigger at themobile device. This configuration provides two-way pushing ofinformation from the host to the mobile device and from the mobiledevice to the host.

Referring now to the drawings, FIG. 1 is an example system diagramshowing the redirection of user data items (such as message A or C) froma user's office PC (host system) 10A to the user's mobile datacommunication device 24, where the redirector software 12A is operatingat the user's PC. Message A in FIG. 1 represents an internal messagesent from desktop 26 to the user's host system 10A via LAN 14. Message Cin FIG. 1 represents an external message from a sender that is notdirectly connected to LAN 14, such as the user's mobile datacommunication device 24, some other user's mobile device (not shown), orany user connected to the Internet 18. Message C also represents acommand message from the user's mobile data communication device 24 tothe host system 10A. As described in more detail in FIG. 3, the hostsystem 10 preferably includes, along with the typical hardware andsoftware associated with a workstation or desktop computer, theredirector program 12A, a TCP/IP subsystem 42, a primary message store40, an E-mail subsystem 44, a screen saver subsystem 48, and a keyboardsubsystem 46.

In FIG. 1, the host system 10A is the user's desktop system, typicallylocated in the user's office. The host system 10A is connected to a LAN14, which also connects to other computers 26, 28 that may be in theuser's office or elsewhere. The LAN 14, in turn, is connected to a widearea network (“WAN”) 18, preferably the Internet, which is defined bythe use of TCP/IP to exchange information, but which, alternativelycould be any other type of WAN. The connection of the LAN 14 to the WAN18 is via high bandwidth link 16, typically a T1 or T3 connection. TheWAN 18 in turn is connected to a variety of gateways, via connections32. A gateway forms a connection or bridge between the WAN 18 and someother type of network, such as an RF wireless network, cellular network,satellite network, or other synchronous or asynchronous land-lineconnection.

In the example of FIG. 1, a wireless gateway 20 is connected to theInternet for communicating via wireless link 22 to a plurality ofwireless mobile data communication devices 24. Also shown in FIG. 1 ismachine 30, which could be a FAX machine, a printer, a system fordisplaying images (such as video), a machine capable of processing andplaying audio files, such as a voice mail system, or some other type ofperipheral system or device. Certain message attachments may beredirected to such an external machine 30 if the redirector programconfiguration data reflects that the mobile device 24 cannot receive andprocess the attachments, or if the user has specified that certainattachments are not to be forwarded to mobile device 24, even if suchdevice can process those attachments. By way of example, consider anE-mail sent to a user that includes three attachments—a word processingdocument, a video clip and an audio clip. The redirection program couldbe configured to send the text of the E-mail to the remote device, tosend the word processing document to a networked printer located nearthe user, to send the video clip to a store accessible through a secureconnection through the Internet and to send the audio clip to the user'svoice mail system. This example is not intended to be limiting, butrather to illustrate the variety of possibilities embodied in theredirection concept.

The mobile data communication device 24 may be a hand-held two-waywireless paging computer, a wirelessly enabled palm-top computer, amobile telephone with data messaging capabilities, or a wirelesslyenabled laptop computer, but could, alternatively be other types ofmobile data communication devices capable of sending and receivingmessages via a network connection 22. Although the system may operate ina two-way communications mode, certain aspects of the redirection couldbe beneficially used in a “one and one-half” or acknowledgment pagingenvironment, or even with a one-way paging system. The mobile datacommunication device 24 may be configured, for example via softwareprogram instructions, to work in conjunction with the redirector program12A to enable the seamless, transparent redirection of user-selecteddata items. FIG. 4 describes the basic method steps of an exampleredirector program, and FIG. 5 describes the steps of a correspondingprogram which may be operating at the mobile device 24.

In an alternative system not explicitly shown in the drawings, themobile device 24 also includes a redirector program. User selected dataitems can be replicated from the host to the mobile device and viceversa. The configuration and operation of the mobile device 24 having aredirector program is similar to that described herein with respect toFIGS. 1-5.

A user can preferably configure the redirector program 12A to pushcertain user-selected data items to the user's mobile data communicationdevice 24 when the redirector 12A detects that a particular user-definedevent trigger (or trigger point) has taken place. User-selected dataitems preferably include E-mail messages, calendar events, meetingnotifications, address entries, journal entries, personal alerts,alarms, warnings, stock quotes, news bulletins, etc., but could,alternatively, include any other type of message that is transmitted tothe host system 10A, or that the host system 10A acquires through theuse of intelligent agents, such as data that is received after the hostsystem 10A initiates a search of a database or a website or a bulletinboard. In some instances, only a portion of the data item is transmittedto the mobile device 24 in order to minimize the amount of datatransmitted via the wireless network 22. In these instances, the mobiledevice 24 can optionally send a command message to the host system toreceive more or all of the data item if the user desires to receive it.

Among user-defined event triggers that can be detected by the redirectorprogram 12A are external events, internal events and networked events.External events preferably include: (1) receiving a command message(such as message C) from the user's mobile data communication device tobegin redirection, or to execute some other command at the host, such asa command to enable the preferred list mode, or to add or subtract aparticular sender from the preferred list; (2) receiving a similarmessage from some external computer; and (3) sensing that the user is nolonger in the vicinity of the host system; although, alternatively, anexternal event can be any other detectable occurrence that is externalto the host system. Internal events could be a calendar alarm, screensaver activation, keyboard timeout, programmable timer, or any otheruser-defined event that is internal to the host system. Networked eventsare user-defined messages that are transmitted to the host system fromanother computer coupled to the host system via a network to initiateredirection. These are just some of the events that could be used toinitiate replication of the user-selected data items from the hostsystem 10 to the mobile device 24.

FIG. 1 shows an E-mail message A being communicated over LAN 14 fromcomputer 26 to the user's desktop system 10A (also shown in FIG. 1 is anexternal message C, which could be an E-mail message from an Internetuser, or could be a command message from the user's mobile device 24).Once the message A (or C) reaches the primary message store of the hostsystem 10A, it can be detected and acted upon by the redirectionsoftware 12A. The redirection software 12A can use many methods ofdetecting new messages. One method of detecting new messages is usingMicrosoft® Messaging API (“MAPI”), in which programs, such as theredirector program 12A, register for notifications or ‘advise syncs’when changes to a mailbox take place. Other methods of detecting newmessages could also be used, and will be described in further detailbelow.

Assuming that the redirector software program 12A is activated, and hasbeen configured by the user (either through the sensing of an internal,network or external event) to replicate certain user data items(including messages of type A or C) to the mobile device 24, when themessage A is received at the host system 10A, the redirector softwareprogram 12A detects its presence and prepares the message forredirection to the mobile device 24. In preparing the message forredirection, the redirector software program 12A could compress theoriginal message A, could compress the message header, or could encryptthe entire message A to create a secure link to the mobile device 24.

Also programmed into the redirector software program 12A is the addressof the user's mobile data communication device 24, the type of device,and whether the device 24 can accept certain types of attachments, suchas word processing or voice attachments. If the user's type of mobiledevice cannot accept these types of attachments, then the redirectorsoftware program 12A can be programmed to route the attachments to a faxor voice number where the user is located using an attached fax or voicemachine 30.

The redirector software program 12A may also be programmed with apreferred list mode that is configured by the user either at the hostsystem 10A, or remotely from the user's mobile data communication deviceby transmitting a command message C. The preferred list contains a listof senders (other users) whose messages are to be redirected or a listof message characteristics that determine whether a message is to beredirected. If activated, the preferred list mode causes the redirectorsoftware program 12A to operate like a filter, only redirecting certainuser data items based on whether the data item was sent from a sender onthe preferred list or has certain message characteristics that ifpresent will trigger or suppress redirection of the message. In theexample of FIG. 1, if desktop system 26 was operated by a user on thepreferred list of host system 10A, and the preferred list option wasactivated, then message A would be redirected. If, however, desktop 26was operated by a user not on the host system's preferred list, thenmessage A would not be redirected, even if the user of the host systemhad configured the redirector to push messages of type A. The user ofthe host system 10A can configure the preferred list directly from thedesktop system, or, alternatively, the user can then send a commandmessage (such as C) from the mobile device 24 to the desktop system 10Ato activate the preferred list mode, or to add or delete certain sendersor message characteristics from the preferred list that was previouslyconfigured. It should be appreciated that a redirection program couldcombine message characteristics and preferred sender lists to result ina more finely-tuned filter. Messages marked as low priority or that aresimple return receipts or message read receipts, for example, couldalways be suppressed from redirection while messages from a particularsender would always be redirected.

After the redirector software program 12A has determined that aparticular message should be redirected, and it has prepared the messagefor redirection, the software 12A then sends the message A to asecondary memory store located in the mobile device 24, using whatevermeans are necessary. For example, the message A may be sent back overthe LAN 14, WAN 18, and through the wireless gateway 20 to the mobiledata communication device 24. In doing so, the redirector preferablyrepackages message A as an E-mail with an outer envelope B that containsthe addressing information of the mobile device 24, although alternativerepackaging techniques and protocols could be used, such as a TCP/IPrepackaging and delivery method (most commonly used in the alternativeserver configuration shown in FIG. 2). The wireless gateway 20 requiresthis outer envelope information B in order to know where to send theredirected message A. Once the message (A in B) is received by themobile device 24, the outer envelope B is removed and the originalmessage A is placed in the secondary memory store within the mobiledevice 24. Repackaging and removing the outer envelope in this mannercauses the mobile device 24 to appear to be at the same physicallocation as the host system 10, thus creating a transparent system.

In the case where message C is representative of an external messagefrom a computer on the Internet 18 to the host system 10A, and the host10A has been configured to redirect messages of type C, then in asimilar manner to message A, message C would be repackaged with an outerenvelope B and transmitted to the user's mobile device 24. In the casewhere message C is representative of a command message from the user'smobile device 24 to the host system 10A, the command message C is notredirected, but is acted upon by the host system 10A.

If the redirected user data item is an E-mail message, as describedabove, the user at the mobile device 24 sees the original subject,sender's address, destination address, carbon copy and blind carboncopy. When the user replies to this message, or when the user authors anew message, the software operating at the mobile device 24 adds asimilar outer envelope to the reply message (or the new message) tocause the message to be routed first to the user's host system 10A,which then removes the outer envelope and redirects the message to thefinal destination, such as back to computer 26. This preferably resultsin the outgoing redirected message from the user's host system 10A beingsent using the E-mail address of the host mailbox, rather than theaddress of the mobile device, so that it appears to the recipient of themessage that the message originated from the user's desktop system 10Arather than the mobile data communication device. Any replies to theredirected message will then be sent to the desktop system 10A, which ifit is still in redirector mode, will repackage the reply and resend itto the user's mobile data device, as described above.

FIG. 2 is an alternative system diagram showing the redirection of userdata items from a network server 10B to the user's mobile datacommunication device 24, where the redirector software 12B is operatingat the server 10B. This configuration is particularly advantageous foruse with message servers such as a Microsoft® Exchange Server or aLotus™ Domino™ Server, which are normally operated so that all usermessages are stored in one central location or mailbox store on theserver instead of in a store within each user's desktop PC. Thisconfiguration has the additional advantage of allowing a single systemadministrator to configure and keep track of all users having messagesredirected. If the system includes encryption keys, these too can bekept at one place for management and update purposes. A server-basedredirection system such as shown in FIG. 2 also facilitates enhancedcontrol of redirection and device configuration settings for any or allusers enabled for message redirection from the server. For example, anadministrator may restrict the types of data items that may be selectedby users for redirection to mobile communication devices by establishingdefault settings at the server.

As will be described in further detail below, the server 10B preferablymaintains a user profile for each user's desktop system 26, 28,including information such as whether or not a particular user can havedata items redirected, which types of message and information toredirect, what events will trigger redirection, the address of theusers' mobile data communication device 24, the type of mobile device,and the user's preferred list, if any. The event triggers are preferablydetected at the user's desktop system 26, 28 and can be any of theexternal, internal or network events listed above. The desktop systems26, 28 preferably detect these events and then transmit a message to theserver computer 10B via LAN 14 to initiate redirection. Although theuser data items are preferably stored at the server computer 10B in thisembodiment, they could, also or alternatively, be stored at each user'sdesktop system 26, 28, which would then transmit them to the servercomputer 10B after an event has triggered redirection. In the aboveexample of a Lotus Domino Server, a user's mail file may exist at boththe server and a user's desktop computer system.

In FIG. 2, desktop system 26 generates a message A that is transmittedto and stored at the host system 10B, which is the network serveroperating the redirector program 12B. The message A is for desktopsystem 28, but in this embodiment, user messages are stored at thenetwork server 10B. When an event occurs at desktop system 28, an eventtrigger is generated and transmitted to the network server 10B, whichthen determines who the trigger is from, whether that desktop hasredirection capabilities, and if so, the server (operating theredirector program) uses the stored configuration information toredirect message A to the mobile device 24 associated with the user ofdesktop system 28.

As described above with reference to FIG. 1, message C could be either acommand message from a user's mobile data communication device 24, or itcould be a message from an external computer, such as a computerconnected to the Internet 18. If the message C is from an Internetcomputer to the user's desktop system 28, and the user has redirectioncapabilities, then the server 10B detects the message C, repackages itusing electronic envelope B, and redirects the repackaged message (C inB) to the user's mobile device 24. If the message C is a command messagefrom the user's mobile device 24, then the server 10B simply acts uponthe command message.

FIG. 3 is a block diagram showing the interaction of the redirectorsoftware 12A with additional components of the host system 10A of FIG. 1(the desktop PC) to enable more fully the pushing of information fromthe host system 10A to the user's mobile data communication device 24 isset forth. These additional components are illustrative of the type ofevent-generating systems that can be configured and used with theredirector software 12A, and of the type of repackaging systems that canbe used to interface with the mobile communication device 24 to make itappear transparent to the user.

The desktop system 10A is connected to LAN 14, and can send and receivedata, messages, signals, event triggers, etc., to and from other systemsconnected to the LAN 14 and to external networks 18, 22, such as theInternet or a wireless data network, which are also coupled to the LAN14. In addition to the standard hardware, operating system, andapplication programs associated with a typical microcomputer orworkstation, the desktop system 10A includes the redirector program 12A,a TCP/IP sub-system 42, an E-mail sub-system 44, a primary data storagedevice 40, a screen saver sub-system 48, and a keyboard sub-system 46.The TCP/IP and E-mail subsystems 42, 44 are examples of repackagingsystems that can be used to achieve transparency of redirection, and thescreen saver and keyboard sub-systems 46, 48 are examples of eventgenerating systems that can be configured to generate event messages orsignals that trigger redirection of the user selected data items.

The method steps carried out by the redirector program 12A are describedin more detail by way of illustrative example in FIG. 4. The basicfunctions of this program are to: (1) configure and setup theuser-defined event trigger points that will start redirection; (2)configure the types of user data items for redirection and optionallyconfigure a preferred list of senders whose messages are to beredirected; (3) configure the type and capabilities of the user's mobiledata communication device; (4) receive messages and signals from therepackaging systems and the event generating systems; and (5) commandand control the redirection of the user-selected data items to themobile data communication device via the repackaging systems. Otherfunctions not specifically enumerated could also be integrated into thisprogram.

The E-Mail sub-system 44 is the preferred link to repackaging theuser-selected data items for transmission to the mobile datacommunication device 24, and preferably uses industry standard mailprotocols, such as SMTP, POP, IMAP, MIME and RFC-822, to name but a few.The E-Mail sub-system 44 can receive messages A from external computerson the LAN 14, or can receive messages C from some external network suchas the Internet 18 or a wireless data communication network 22, andstores these messages in the primary data store 40. Assuming that theredirector program 12A has been triggered to redirect messages of thistype, the redirector detects the presence of any new messages andinstructs the E-Mail system 44 to repackage the message by placing anouter wrapper B about the original message A (or C), and by providingthe addressing information of the mobile data communication device 24 onthe outer wrapper B. As noted above, this outer wrapper B is removed bythe mobile device 24, and the original message A (or C) is thenrecovered, thus making the mobile device 24 appear to be the desktopsystem 10A.

In addition, the E-Mail sub-system 44 receives messages back from themobile device 24 having an outer wrapper with the addressing informationof the desktop system 10A, and strips this information away so that themessage can be routed to the proper sender of the original message A (orC). The E-Mail sub-system also receives command messages C from themobile device 24 that are directed to the desktop system 10A to triggerredirection or to carry out some other function. The functionality ofthe E-Mail sub-system 44 is controlled by the redirector program 12A.

The TCP/IP sub-system 42 is an alternative repackaging system. Itincludes all of the functionality of the E-Mail sub-system 44, butinstead of repackaging the user-selected data items as standard E-mailmessages, this system repackages the data items using special-purposeTCP/IP packaging techniques. This type of special-purpose sub-system isuseful in situations where security and improved speed are important tothe user. The provision of a special-purpose wrapper that can only beremoved by special software on the mobile device 24 provides the addedsecurity, and the bypassing of E-mail store and forward systems canimprove speed and real-time delivery.

As described previously, the present invention redirection can betriggered upon detecting numerous external, internal and networkedevents, or trigger points. Examples of external events include:receiving a command message from the user's mobile data communicationdevice 24 to begin redirection; receiving a similar message from someexternal computer; sensing that the user is no longer in the vicinity ofthe host system; or any other event that is external to the host system.Internal events could be a calendar alarm, screen saver activation,keyboard timeout, programmable timer, or any other user-defined eventthat is internal to the host system. Networked events are user-definedmessages that are transmitted to the host system from another computerthat is connected to the host system via a network to initiateredirection.

The screen saver and keyboard sub-systems 46, 48 are examples of systemsthat are capable of generating internal events. Functionally, theredirector program 12A provides the user with the ability to configurethe screen saver and keyboard systems so that under certain conditionsan event trigger will be generated that can be detected by theredirector 12A to start the redirection process. For example, the screensaver system can be configured so that when the screen saver isactivated, after, for example, 10 minutes of inactivity on the desktopsystem, an event trigger is transmitted to the redirector 12A, whichstarts redirecting the previously selected user data items. In a similarmanner the keyboard sub-system can be configured to generate eventtriggers when no key has been depressed for a particular period of time,thus indicating that redirection should commence. These are just twoexamples of the numerous application programs and hardware systemsinternal to the host system 10A that can be used to generate internalevent triggers.

FIGS. 4 and 5, are flow charts showing steps that may be carried out,respectively, by the redirector software 12A operating at the hostsystem 10A, and by the mobile data communication device 24 in order tointerface with the host system. Turning first to FIG. 4, at step 50, theredirector program 12A is started and initially configured. The initialconfiguration of the redirector 12A includes: (1) defining the eventtriggers that the user has determined will trigger redirection; (2)selecting the user data items for redirection; (3) selecting therepackaging sub-system, either standard E-Mail, or special-purposetechnique; (4) selecting the type of data communication device,indicating whether and what type of attachments the device is capable ofreceiving and processing, and inputting the address of the mobiledevice; and (5) configuring the preferred list of user selected senderswhose messages are to be redirected.

FIG. 4 sets forth the basic steps of an example redirector program 12Aassuming it is operating at a desktop system 10A, such as shown inFIG. 1. If the redirector 12B is operating at a network server 12B, asshown in FIG. 2, then additional configuration steps may be necessary toenable redirection for a particular desktop system 26, 28 connected tothe server, including: (1) setting up a profile for the desktop systemindicating its address, events that will trigger redirection, and thedata items that are to be redirected upon detecting an event; (2)maintaining a storage area at the server for the data items; and (3)storing the type of data communication device to which the desktopsystem's data items are to be redirected, whether and what type ofattachments the device is capable of receiving and processing, and theaddress of the mobile device.

Once the redirector program is configured 50, the trigger points (orevent triggers) are enabled at step 52. The program 12A then waits 56for messages and signals 54 to begin the redirection process. A messagecould be an E-Mail message or some other user data item than may havebeen selected for redirection, and a signal could be a trigger signal,or could be some other type of signal that has not been configured as anevent trigger. When a message or signal is detected, the programdetermines 58 whether it is one of the trigger events that has beenconfigured by the user to signal redirection. If so, then at step 60 atrigger flag is set, indicating that subsequently received user dataitems (in the form of messages) that have been selected for redirectionshould be pushed to the user's mobile data communication device 24.

If the message or signal 54 is not a trigger event, the program thendetermines at steps 62, 64 and 66 whether the message is, respectively,a system alarm 62, an E-Mail message 64, or some other type ofinformation that has been selected for redirection. If the message orsignal is none of these three items, then control returns to step 56,where the redirector waits for additional messages 54 to act upon. If,however the message is one of these three types of information, then theprogram 12A determines, at step 68, whether the trigger flag has beenset, indicating that the user wants these items redirected to the mobiledevice. If the trigger flag is set, then at step 70, the redirector 12Acauses the repackaging system (E-Mail or TCP/IP) to add the outerenvelope to the user data item, and at step 72 the repackaged data itemis then redirected to the user's mobile data communication device 24 viaLAN 14, WAN 18, wireless gateway 20 and wireless network 22. Controlthen returns to step 56 where the program waits for additional messagesand signals to act upon. Although not shown explicitly in FIG. 4, afterstep 68, the program could, if operating in the preferred list mode,determine whether the sender of a particular data item is on thepreferred list, and if not, then the program would skip over steps 70and 72 and proceed directly back to step 56. If the sender was on thepreferred list, then control would similarly pass to steps 70 and 72 forrepackaging and transmission of the message from the preferred listsender.

FIG. 5 sets forth the method steps carried out by the user's mobile datacommunication device 24 in order to interface to the redirector program12A. At step 80 the mobile software is started and the mobile device 24is configured to operate with the redirector program 12A, includingstoring the address of the user's desktop system 10A for example.

At step 82, the mobile device waits for messages and signals 84 to begenerated or received. Assuming that the redirector software 12Aoperating at the user's desktop system 10A is configured to redirectupon receiving a message from the user's mobile device 24, at step 86,the user can decide to generate a command message that will startredirection. If the user does so, then at step 88 the redirectionmessage is composed and sent to the desktop system 10A via the wirelessnetwork 22, through the wireless gateway 20, via the Internet 18 to theLAN 14, and is finally routed to the desktop machine 10A. In thissituation where the mobile device 24 is sending a message directly tothe desktop system 10A, no outer wrapper is added to the message (suchas message C in FIGS. 1 and 2). In addition to the redirection signal,the mobile device 24 could transmit any number of other commands tocontrol the operation of the host system, and in particular theredirector program 12A. For example, the mobile 24 could transmit acommand to put the host system into the preferred list mode, and thencould transmit additional commands to add or subtract certain sendersfrom the preferred list. In this manner, the mobile device 24 candynamically limit the amount of information being redirected to it byminimizing the number of senders on the preferred list. Other examplecommands include: (1) a message to change the configuration of the hostsystem to enable the mobile device 24 to receive and process certainattachments; and (2) a message to instruct the host system to redirectan entire data item to the mobile device in the situation where only aportion of a particular data item has been redirected.

Turning back to FIG. 5, if the user signal or message is not a directmessage to the desktop system 10A to begin redirection (or some othercommand), then control is passed to step 90, which determines if amessage has been received. If a message is received by the mobile, andit is a message from the user's desktop 10A, as determined at step 92,then at step 94 a desktop redirection flag is set “on” for this message,and control passes to step 96 where the outer envelope is removed.Following step 96, or in the situation where the message is not from theuser's desktop, as determined at step 92, control passes to step 98,which displays the message for the user on the mobile device's display.The mobile unit 24 then returns to step 82 and waits for additionalmessages or signals.

If the mobile device 24 determines that a message has not been receivedat step 90, then control passes to step 100, where the mobile determineswhether there is a message to send. If not, then the mobile unit returnsto step 82 and waits for additional messages or signals. If there is atleast one message to send, then at step 102 the mobile determineswhether it is a reply message to a message that was received by themobile unit. If the message to send is a reply message, then at step108, the mobile determines whether the desktop redirection flag is onfor this message. If the redirection flag is not on, then at step 106the reply message is simply transmitted from the mobile device to thedestination address via the wireless network 22. If, however, theredirection flag is on, then at step 110 the reply message is repackagedwith the outer envelope having the addressing information of the user'sdesktop system 10A, and the repackaged message is then transmitted tothe desktop system 10A at step 106. As described above, the redirectorprogram 12A executing at the desktop system then strips the outerenvelope and routes the reply message to the appropriate destinationaddress using the address of the desktop system as the “from” field, sothat to the recipient of the redirected message, it appears as though itoriginated from the user's desktop system rather than the mobile datacommunication device.

If, at step 102, the mobile device determines that the message is not areply message, but an original message, then control passes to step 104,where the mobile device determines if the user is using the redirectorsoftware 12A at the desktop system 10A, by checking the mobile device'sconfiguration. If the user is not using the redirector software 12A,then the message is simply transmitted to the destination address atstep 106. If, however, the mobile determines that the user is using theredirector software 12A at the desktop system 10A, then control passesto step 110, where the outer envelope is added to the message. Therepackaged original message is then transmitted to the desktop system10A at step 106, which, as described previously, strips the outerenvelope and routes the message to the correct destination. Followingtransmission of the message at step 106, control of the mobile devicereturns to step 82 and waits for additional messages or signals.

Having described redirection of data items from a host system to amobile communication device, server-based systems and methods for dataitem redirection and control of redirection and device configurationsettings now be described.

FIG. 6 shows a redirection system, similar to the system of FIG. 2, inwhich redirection software is running on a server computer in a network.The system in FIG. 6 relates to redirection of E-mail messages from anetwork to one or more mobile communication devices 24 associated withdesktop computers 26, 28 in the network 14. The presence of furtherdesktop computers, workstations and other network servers, and has beenindicated generally by the dotted line 14, which represents a LAN inFIG. 6. The LAN 14 is preferably a corporate network in which employeeworkstations are configured to operate. As described above inconjunction with FIG. 2, it is assumed in FIG. 6 that E-mail is storedat the messaging servers 601 in the network 14, or alternativelyforwarded to the servers when redirection is initiated.

As shown in FIG. 6, the system 600 includes one or more messaging servercomputers 601 a, 601 b, 601 c, and desktop computers 26, 28 in LAN 14, afurther server computer 602, a storage unit 608, a WAN 18, acommunication link 32, wireless gateway 20, and a link 22 to mobiledevices 24 a, 24 b, 24 c. The server computer 602 includes a pluralityof MAPI clients 604 a, 604 b, 604 c and an interface 606. In addition,the server 602 may execute a policy generation system and any or all ofthe mobile devices 24 may execute a policy setting processing system, asdescribed below.

The server 602 accesses all of the messaging servers in LAN 14 fromwhich redirection is to be enabled and implements the redirection serversoftware 12B shown in FIG. 2. As discussed above, LAN 14 is preferably acorporate network which extends throughout corporate premises or anentire corporate enterprise. Server 602 is therefore typically referredto as an enterprise server. The enterprise server 602 accesses all ofthe messaging servers 601, shown in FIG. 6 as Microsoft Exchangeservers, via the MAPI clients 604 in order to detect incoming E-mailmessages and possibly other data items to be redirected from desktopsystems 26, 28 in the network 14 to associated mobile devices 24. Theenterprise server 602 also couples the messaging servers 601 through aWAN 18, such as the Internet, and link 32 to the wireless gateway 20.The system operates as described above to continuously redirect messagesfrom desktop systems in the network 14 to corresponding mobile devices24 in response to redirection triggers or events. Information on thedesktop systems is thereby mirrored on the mobile devices 24.

On the corporate network side, enterprise server 602 implements MAPIclients 604 a, 604 b, 604 c to interface with each Exchange server 601a, 601 b, 601 c. Although multiple Exchange servers are shown in FIG. 6,relatively small networks with few users may have only a single Exchangeserver, such that a single MAPI client 604 would be implemented in theenterprise server 602. In the event that further Exchange servers 601are added to an existing network 14 after installation of the enterpriseserver 602, a corresponding number of new MAPI clients 604 could beadded to the enterprise server 602 to enable redirection of messagesfrom such additional servers, provided that the capacity of theenterprise server 602 is not exceeded.

An Exchange server such as server 601 a, 601 b or 601 c is conceptuallya form of database server arranged according to some logical topologycomprising different hierarchical levels. MAPI clients can be set up toreceive notifications of any of a plurality of changes occurring at anyof the levels within the topology. For example, a MAPI client may beconfigured to receive notification of changes at a mailbox level, a userlevel, or a folder level. MAPI clients 604 a, 604 b, 604 c may beconfigured to receive notifications of changes to any mailboxes on theExchange servers 601 which are “wirelessly enabled” or configured forredirection of incoming messages to a mobile device 24, such that E-mailmessages and other data items arriving at wirelessly enabled mailboxesare redirected to respective corresponding mobile devices 24. Theenterprise server 602 maintains a list of users whose mailboxes arewirelessly enabled and thereby determines for which mailboxes the MAPIclients 604 should receive notifications.

If redirection has not been activated by a redirection trigger, thenchanges to the user's mailbox are not of particular importance to theenterprise server 602. Depending upon the configuration of the Exchangeservers 601, the enterprise server 602 and its MAPI clients 604,however, notifications of such mailbox changes may be continuouslyprovided by the Exchange servers 601 to the enterprise server 602, evenwhen redirection is not active. In such a case, the enterprise server602 may be configured to ignore notifications unless or until aredirection trigger for the particular user is detected. Alternatively,the Exchange servers 601 may provide the mailbox change notificationsonly when redirection is active, i.e. after a redirection triggeroccurs. Mailbox change notification timing may therefore be controlledeither at the Exchange servers 601 or the enterprise server 602. In anexample system, the MAPI clients 604 on the enterprise server 602 aredesigned to implement the desired notification scheme in order toprovide for simpler installation of the enterprise server 602 in anexisting network 14.

The enterprise server 602 may be configured to respond to only selectedmailbox changes among the many possible changes that may occur within auser's mailbox. Even though the Exchange servers 601 may providenotifications of all changes to all mailboxes, only certain changes towirelessly enable mailboxes require any action by the enterprise server602. For example, although the Exchange servers 601 may providenotifications to the MAPI clients 604 on enterprise server 602 whenmessages are moved from one folder to another within a user's mailbox ordeleted from a folder or folders in a user's mailbox, redirectionoperations might be required by the enterprise server 602 only if a userhas configured redirection settings to maintain folder synchronizationbetween the mailbox and the device 24. When a new message arrives at awirelessly-enabled mailbox, however, the enterprise server 602preferably responds to the associated notification from the Exchangeserver 601 by executing operations to redirect the new message to theuser's mobile device 24, provided that an appropriate redirectiontrigger has been detected. Any determinations of the type of mailboxchange notification and whether or not any redirection functions arenecessary are preferably made within the enterprise server 602.

Although the enterprise server 602 is shown outside the LAN 14, theenterprise server 602 may be running as a service within the LAN 14, forexample, as a Windows NT® service. As such, administration functions forthe enterprise server 602 may be integrated with other network serviceadministrative arrangements. Since the enterprise server 602 operates inconjunction with the Exchange servers 601, the enterprise serveradministration could be integrated with Exchange server administration,for example, as an Exchange extension. When an existing user's mailboxis to be enabled for redirection of messages to a mobile device, anExchange administrator may add the user to the enterprise server 602through a mailbox extension. For a new user, the Exchange administratormay add the user's mailbox on an Exchange server 601 and also add theuser to the enterprise server 602 during a single login session.

Alternatively, administration of the enterprise server 602 may beaccomplished, for example, through an administration service and clientarrangement such as shown in FIG. 7. In the embodiment shown in FIG. 7,a user administration service 702, preferably a software program, isinstalled and executed on a computer which can communicate with theExchange servers 601 and has Exchange administration rights.Administration rights are typically associated with network accountsinstead of particular computers. Therefore, provided that a computeruser logs on using an account having Exchange administration rights or acomputer is configured to run under a specific account having Exchangeadministration rights, the service 702 may be executed on that computer.When installed and started, the administration service 702 runs in thebackground on the computer on which it is installed. An enterpriseserver administration client 704 is similarly installed on a computer inthe network 14 and communicates with the service to perform enterpriseserver administration functions, as discussed below. In alternativeembodiments, the service 702 may instead run on one or more of theExchange servers 601.

Although the service 702 should operate on a computer having Exchangeadministration permissions, the client 704 may be installed on anycomputer within the network which can communicate with the computer onwhich the service 702 is running Enterprise server administrationfeatures are thereby provided through the client 704 without requiringExchange administration privileges or permissions. Administrationfunctions for the enterprise server 602 remain integrated with Exchangeadministration, in that the service 702 performs enterprise serveradministration through Exchange administration arrangements. However,the client program 704 requires no Exchange administration permissions;only the service 702 requires such administration rights.

The client-service enterprise server administration arrangement therebyprovides for flexibility in assignment of Exchange administration rightsto enterprise server administrators. The service 702 is preferablyconfigured to provide for common enterprise server administrationfunctions, including, for example, adding users to an enterprise server,deleting users from an enterprise server, listing all users on anenterprise server, and verifying that a particular user exists on aparticular enterprise server. As such, only a restricted set of Exchangeadministration rights must be made available to enterprise serveradministrators through the administration client 704. Even though theservice 702 may have full Exchange administration rights, it may betailored to provide only specific enterprise server administrationfunctions to the client 704. Therefore, after the service software 702has been installed and is running, enterprise administration forexisting Exchange users through the client 704 requires no interventionby Exchange administrators. It should be understood that furtheradministration arrangements may be apparent to those skilled in the art,and that any of such arrangements may be implemented, according to thepreferences of an owner or operator of LAN 14 and/or enterprise server602, for administration of redirection-related functions of theenterprise server 602.

In one example, an administration function may be performed to enable anexisting Exchange mailbox for redirection to a mobile device. To performthis administrative function, an “add user” administration request maybe entered at the computer on which the client 704 is installed. Theadministration request is then sent to the service 702, which performsthe actual administration function(s) required to add the user to theenterprise server 602. In order to add the user, thereby wirelesslyenabling the user's mailbox, a user information record or profile shouldbe created either on an Exchange server 601 or in the data store 608associated with the enterprise server 602. User information, such as auser name, a mailbox name and a mobile device identifier, may be eitherrequested from the administrator that is attempting to add the user ormay be provided with an “add user” administration request or command andstored in the user information record. Once the user information recordis created, data items may be redirected from the user's mailbox on aserver 601 to the user's mobile device 24 by the enterprise server 602.A new mailbox may thus be wirelessly enabled as soon as the mailbox isestablished on a messaging server 601.

User information records or profiles for users of wirelessly enabledmailboxes are preferably stored in the data store 608 on the enterpriseserver 602. However, user information may instead be stored on anExchange server 601, or at some other appropriate storage location. Theuser information is preferably stored in Exchange folders accessible bythe enterprise server 602. Regardless of where user information recordsare stored, when a user is added a user information record is written tothe appropriate storage location. Similarly, deleting a user from theenterprise server 602 causes a corresponding user information record tobe either erased or overwritten. In order to execute such otheradministration functions as listing or verifying users, the enterpriseserver 602 accesses user information records, wherever they are stored.The user information records are also used by the enterprise server 602to process mailbox change notifications, as discussed in more detailbelow.

Each mobile device 24 has a unique identification number, generallycalled a personal identification number or PIN, associated therewith.Adding a user to the enterprise server 602 creates a correspondencebetween the user's Exchange mailbox and the particular mobile device 24to which messages addressed to the user are to be redirected. The userinformation record which is stored to either an Exchange server 601 or astorage unit 608 when the user is added to the enterprise server 602therefore includes the particular PIN for the user's mobile device 24.The user information record also preferably includes the user name,mailbox name, E-mail address or other information which identifies theuser or mailbox from which redirection is enabled.

In addition to user identification and PIN information stored to userrecords when a user is added to the enterprise server 602, an indicationof the redirection status of the user's desktop system is also storedwith the enterprise server user information. The status indicator shouldstore at least the latest redirection status, such as “running” toindicate that incoming messages are currently being redirected to theuser's mobile device 24, or “disabled” to indicate that messageredirection is not currently active. In addition, other statusinformation may be stored with the user information in a userinformation record including, for example, the name of the enterpriseserver 602 through which messages for the user are to be redirected,statistical information relating to the number of messages sent to orfrom the mobile device, the number of messages pending to the mobiledevice, the number of messages that have expired before being sent tothe mobile device, the number of messages not sent to the mobile devicein accordance with filtering rules as described below, the times thatmessages were last sent to or received from the mobile device, the timeof last contact with the mobile device, the result of the most recenttransaction involving the mobile device, and the like.

In server-based redirection schemes, a network server runs theredirection software 12B, which controls message redirection for theentire LAN 14 in which it operates. A desktop configuration system shownat 27 and 29 in FIGS. 6 and 7, associated with each desktop computer 26,28, is also contemplated to allow users to set individual redirectionproperties. The desktop configuration systems 27, 29 are preferablyimplemented as a computer software program. With such an arrangementhaving both desktop and server components, users can set redirectionproperties or characteristics according to personal preferences eventhough message redirection for all users in the entire network isprovided by a single server. When a user has been added to theenterprise server 602, the desktop software can be executed to establishuser-configurable settings. Using the desktop software, the user canspecify whether or not messages are to be redirected to the mobiledevice 24 when the mobile device is connected to the desktop computer,filter rules such as the above preferred sender list that determinewhether or not messages should be redirected to the mobile device, theredirection triggers which initiate redirection of messages to themobile device, and other redirection preferences. Features such asautomatic backup of device information when the user connects the deviceto his or her desktop computer, wireless information synchronization,wireless calendar features, and possibly other redirection features mayalso be enabled and disabled using the desktop software component.Further configuration or setting information not directly affectingmessage redirection may also be specified using the desktopconfiguration system, including, for example, a signature block to beadded at the end of messages sent from the mobile device, whether or notmessages sent from the mobile device should be stored to a messagefolder on the desktop system, and how the mobile device and desktopsystem should be synchronized when connected.

Certain device configuration settings might also possibly be establishedat a desktop computer 26, 28 and transferred to a mobile device througha serial connection, for example. Device configuration settings mayenable, disable or otherwise control the operation of device features,including, for example, communication with other devices through thewireless gateway 20 instead of through the enterprise server 602,password and other security features, and owner information storageand/or display. It is also contemplated that certain configurationsettings, such as turning a password feature on and off, devicepasswords, and owner information, may be established using a mobiledevice. As described in further detail below, configuration settings mayalso be controlled from the enterprise server 602.

When a mailbox change notification is received from an Exchange server601, the enterprise server 602 determines whether or not thenotification relates to a wirelessly enabled mailbox (i.e. a mailboxthat has been added to the enterprise server 602) and if redirection iscurrently enabled. The enterprise server 602 may search stored userinformation to determine if the mailbox or corresponding user exists onthe enterprise server 602. If the user is not found in the userinformation records for the enterprise server 602, then the notificationis preferably ignored by the enterprise server 602. The enterpriseserver 602 may also compile statistics on notifications for mailboxesthat have not been added to the enterprise server 602 if desired by thenetwork owner or administrator. Alternatively, the Exchange servers 601and MAPI clients 604 may be adapted such that notifications are providedto the enterprise server 602 only for mailboxes that have been added tothe enterprise server 602. Where user information is stored in Exchangefolders on the Exchange servers 601, as described above, the Exchangeservers 601 can be granted access to the user information and canthereby determine if the enterprise server 602 should be notified of achange to a particular mailbox.

If a redirection trigger occurs at the desktop system, then the triggeris detected by the enterprise server 602 as described above, and aredirection status indicator in the user information is preferably setto reflect an active redirection status for the user and correspondingmailbox. Similarly, whenever redirection is not active, the redirectionstatus indicator is set to reflect an inactive redirection state. Ifdesired by a network owner, the enterprise server 602 may support morethan one active state indicator and more than one inactive stateindicators, in order to provide for different types or classes of activeand inactive redirection. Different inactive status indications could beassigned to allow a user or network administrator to determine whyredirection is not currently active. The current redirection status forall users on the enterprise server 602 is thereby indicated in the userinformation records. Provided that the mailbox corresponding to areceived notification has been wirelessly enabled or exists in theenterprise server user information, the enterprise server 602 determinesthe user's redirection status by accessing appropriate entries in thestored user information records.

When message redirection is active for the particular user and mailbox,the enterprise server 602 applies the global filter rules to anyincoming messages destined for the mailbox. Filter rules may check anyfields in a message to determine if any of a variety of conditions aresatisfied. The filter rules may either prevent a message from beingredirected to a mobile device or cause the message to be redirected. Ifa particular sender has a history of flooding a corporate network withjunk E-mails for example, network administrators may establish a globalfilter rule to prevent redirection of any messages from the particularsender to mobile devices associated with mailboxes on the network.Another global filter rule might ensure that all messages from networkadministrators are redirected to all mobile devices associated withmailboxes having an active redirection status. Unless a message isfiltered by a global filter rule, the enterprise server 602 then appliesany user-configured filter rules to the message. User filter rules, likeglobal rules, may be “preventive” or “permissive”, to respectivelyprevent or allow redirection of messages that satisfy the filter ruleconditions. By applying the global and user filter rules in this order,the enterprise server 602 ensures that global filter rules, establishedby system administrators, take precedence.

If a message passes through all of the filters, it is preferablycompressed and encrypted and then forwarded to the mobile device 24, asdiscussed above. The message may also be copied to the storage medium608, such that the enterprise server 602 need not access the Exchangeservers 601 to complete its message redirection operations. Theenterprise server 602 repackages the message into an appropriate wrapperfor transmission through the interface 606 over a WAN 18, such as theInternet, to the wireless gateway 20 in accordance with a gatewayprotocol, which may be a public or proprietary protocol. As shown inFIG. 8, the interface 606 could be implemented as a gateway protocolclient associated with a service implemented in the wireless gateway 20.The gateway 20 then transmits the redirected message through a wirelessnetwork to the destination mobile device 24.

Corporate networks are normally designed to be secure, partly tomaintain confidentiality of internal messages. A message which isredirected to a mobile device should therefore also remain confidential.The enterprise server 602 first compresses a message and then encryptsthe message before sending it to the gateway 20 over the WAN 18.Repackaging of such messages by the enterprise server 602 does notrequire message decryption. Similarly, the wireless gateway 20 simplyforwards the message through a wireless network, repackaging the messageif necessary to ensure proper routing to the mobile device 24, withoutperforming any decryption operations. Messages encrypted in the network14, behind the network firewall 610, therefore remain encrypted andshould be secure until they are received by a mobile device 24, whichdecrypts the message. This arrangement thereby effectively extends thenetwork firewall to the mobile devices 24. If redirected messages arealso compressed at the enterprise server 602, decompression is performedby the mobile device 24.

Such end-to-end security requires that the mobile devices 24 are capableof decrypting redirected messages. The mobile devices 24 must alsoencrypt any messages to be sent over the wireless network to theenterprise server 602. Message security may for example be derived froman encryption key shared by the enterprise server 602 and the mobiledevice 24. The encryption key for a particular mobile device 24 may begenerated by either the desktop system or the enterprise server 602 andloaded directly onto the mobile device 24 through a port connection. Amobile device 24 must therefore be connected to the desktop system orthe enterprise server 602 in order to enable secure communications. Whenthe key has been loaded onto a user's mobile device 24, the enterpriseserver 602 can encrypt messages to be sent to the mobile device 24 anddecrypt messages received from the mobile device, using the key.Similarly, the mobile device 24 uses the key to decrypt receivedredirected messages and encrypt messages before sending. Each mobiledevice 24 should, therefore, use a different encryption key. Therefore,only the enterprise server 602, located behind the corporate firewall,has access to all of the encryption keys used by all of the mobiledevices 24.

Message encryption involves applying the encryption key to the messagein accordance with a cipher algorithm. A preferred cipher algorithm istriple-DES, a known and very powerful algorithm. However, other cipheralgorithms may be used instead of triple-DES.

Although the enterprise server 602 includes a connection through thefirewall 610 to the WAN 18, integrity of the firewall 610 is notcompromised because the enterprise server 602 initiates its connectionto the wireless network only in an outbound direction. Unauthorizedaccess to the network 14 from outside the firewall 610 through theenterprise server connection is thereby prevented. When a connection tothe wireless gateway 20 through the WAN 18 is established, theenterprise server 602 maintains the connection, thereby avoidingoperations to re-establish the connection every time a message orinformation is to be redirected to a mobile device. This open connectionbetween the enterprise server 602 and the wireless gateway 20, onceestablished, provides for “always on, always connected” functionality ofthe mobile devices 24.

Particularly in a corporate environment, a corporate client, as an ownerof the mobile devices 24 operating in conjunction with an enterpriseserver 602 in its corporate network, may wish to exercise some controlsover the use of devices 24 and redirection and other device services.Configuration policy settings are communicated through userconfiguration data maintained in the user information records by theenterprise server 602, allowing for simple distribution and updating ofconfiguration policy settings. A policy generation system may write thesettings into the user information record instead of generating a policyfile to be sent to users' desktop computers.

In order to ensure that the settings are current, the enterprise server602 may periodically transmit device policy settings to mobile devices24 “over-the-air”, i.e. through the WAN 18, link 32, wireless gateway 20and link 22 in the systems 600 and 700. Grouping of users based oncommon policy settings may also be allowed to simplify managing policysettings within an organization. A generic format is preferably used totransmit settings to a mobile device 24, either over-the-air by theenterprise server 602 or across a serial or other connection by thedesktop computer 26, 28. Such a generic format provides for futureextensibility of policy settings without requiring updates of desktopconfiguration systems 27, 29 or devices 24 to process new policysettings.

Configuration policy settings may be established by an enterprise serveradministrator using the policy generation system. The policy generationsystem may, for example, be a software application executing on theenterprise server 602, the enterprise user administration service 702,or on some other suitable processor or system. Access to the policygeneration system may be provided, for example, through a user interfaceto the enterprise server administration system. As described above,enterprise administration may be integrated with Exchange serveradministration, through a client-server arrangement or possibly via someother arrangement. Policy settings generated using the policy generationsystem are written directly into the user information records stored onthe enterprise server 602 or on a network data store (not shown)accessible by the enterprise server 602. Each desktop configurationsystem 27, 29 then accesses the configuration settings on the server602, eliminating policy distribution issues associated with the knownsystem described above.

Although a policy file is stored in the user information record for eachuser enabled for redirection of data items from a server to a mobiledevice, a generic policy file format may be used. This allows groupingof users with common policy settings to reduce the management burden andstructuring of policy settings based on existing corporate organization.For example, a corporate network owner or operator may wish to providedifferent levels of redirection services for different groups ofemployees. This type of group policy may be established by generating apolicy file for each group and storing the corresponding policy file inthe user information record for each member of each group.

The enterprise server storage unit 608 may contain a policyconfiguration file which includes entries for all possible policysettings. The policy generation system preferably loads a list ofpolicies from the policy configuration file onto a User Interface (UI)when the system is started by an enterprise server administrator. Newpolicy settings can be added to the policy configuration file as theybecome available, therefore making policy selections in the generationsystem dynamic. The administrator is then able to create, update, andremove policy settings for a user, using an up-to-date list of availablepolicy settings. Since the policy generation system is typicallyprovided on the enterprise server, an administrator may also access auser list in order to select and identify for which user(s) the newpolicy is to be applied.

When a new or updated policy is to be applied for a user or a set ofusers, the user or users are first identified. In the example of dataitem redirection from Exchange mailboxes to mobile communicationdevices, the user or users may be identified by E-mail address. In thiscase, each user address is resolved to determine where the configurationinformation, i.e. the user information record, is stored. If a user hasno previous policy settings, a new configuration information entry forthe new policy settings is created. In an alternative embodiment, twonew entries are created in the configuration information—one with a listof device settings and the other with a list of desktop and redirectionsettings. If previous policy settings already exist for a user, then theexisting policy settings are overwritten with the new settings or theexisting settings are removed and the new policy settings are writteninto the user's information record. Existing policy settings may becompletely overwritten or deleted when new policy settings are received.Alternatively, only modified policy settings may be overwritten ordeleted. If the new policy settings include settings for features orfunctions for which no policy settings currently exist, then in thisalternate embodiment, such settings are added to the user informationrecords. New policy settings for devices may also be sent to the devicesby the enterprise server 602 in update messages, as described in furtherdetail below. Such complete or partial policy setting overwriting ordeletion may apply to any policy settings, including those stored in theuser information records and those stored at the devices.

As described above, certain configuration settings may be associatedwith redirection, other settings may relate to operations at a user'sdesktop computer, and others may include device settings. A policy filestored in the user information record may therefore include any or allof these types of settings. The enterprise server 602 may periodicallytransmit device policy settings over-the-air to a user's device toensure that device settings are up-to-date with the settings stored onthe enterprise server. The enterprise server 602 may be adapted toinclude device policy settings in an update message and to transmit anupdate message to a device in response to a clock or timer, for example.When the clock or timer indicates that policy settings should be sent toa device, then the enterprise server 602 reads device policy settingsfor the device from configuration data associated with the deviceprepares an update message including the device policy settings, andsends the update message to the device.

Other mechanisms for controlling when an enterprise server 602 sendsdevice policy setting update messages are also possible. The policygeneration system may be adapted to set a “modified” flag in a userinformation record each time policy settings for the user are changed.User information records may then be periodically checked for the statusof the flag. If the modified flag is true, then an update message shouldbe sent to the device. After an update message is sent, the flag ispreferably reset to avoid sending duplicate update messages to thedevice.

Regardless of the update control scheme used by an enterprise server602, device policy setting update messages are preferably scheduled toavoid large traffic spikes on the communication links between theenterprise server 602 and devices 24. Traffic bursts that could beinitiated when an enterprise server 602 sends an update message tohundreds or more devices within a short time can cause significantproblems, particularly in wireless communication networks. Policysettings update messages may be queued and sent during non-peak hours orbe sent gradually to users at a manageable rate, such as one updatemessage per second, for example. In a queued update system, policysettings for one or more devices may be changed while a previous updatemessage for that policy for one or more devices is still pending. Ifexisting policy settings are completely overwritten or deleted, asdescribed above, then any pending update messages for that policy may bereplaced with the newer update messages. Since any existing policysettings on the device are overwritten or deleted in this particularexample, the pending update messages need not be sent to the device inthis situation.

Policy settings data transmitted to a mobile device 24 in an updatemessage may be in the form of a data block structured in a tag/valueformat. The policy generation system, enterprise server 602, and desktopconfiguration system 27, 29 need not have any knowledge of the tag/valuedata contained in the block since the data block relates to settings atthe mobile device. This enables the settings supported on the device tobe extended without requiring changes to any other part of a systemexcept device software which handles the device settings. Such devicesoftware components can preferably be updated over-the-air.

The enterprise server 602 uses the policy settings data to prepare anupdate message to be sent to the device. When the tag/value data blockstructure is used for policy settings data, the data block is preferablyincorporated into the update message, but it may be appended or attachedto an update message such as an E-mail message. The enterprise server602 may encrypt, compress and repackage update messages and then forwardsuch update messages to devices 24.

Policy settings may be applied on a device as soon as they arrive,over-the-air, through a serial port, or via any other communicationinterface supported by the device. Received policy settings arepreferably automatically processed by a policy setting processingsystem, which is preferably implemented as a software routine orapplication, and written to a device memory area that device softwareapplications reference for policy information. A query interface to thisdevice memory area may also be supported to allow software applicationson the device, including software applications from third partydevelopers, to query particular policy settings. A device and/or itspolicy setting processing system may be configured to indicate to adevice user that policy settings have been updated. For example, thepolicy setting processing system may display a default text message oralternatively a text message composed by an enterprise serveradministrator and included in an update message on a device displayscreen to inform a device user that policy settings have been updatedand possibly the reason for the new policy settings, the particularpolicy settings that have changed, and other information about the newpolicy settings. As will be apparent from FIG. 6, not all mobile devicesneed necessarily include a policy setting processing system. Those thatinclude a policy setting processing system, the mobile devices 24 a and24 b, process received update messages. Although update messages cannotbe processed by mobile devices such as 24 c which do not include apolicy setting processing system, update messages preferably do notadversely affect the operation of such mobile devices.

In order to monitor policy management efficiency and effectiveness, alog file may be generated to record the success or failure of applyingvarious policy settings. The log file may be stored in the storage unit608 and accessible to system administrators. The log file or possiblyadditional files may also store other pertinent status indicators formonitoring by enterprise server administrators. This type of informationmay be compiled for overall enterprise server operations, on a per userbasis, and/or for groups of users. Information associated withparticular users or devices may similarly be tracked in user-specificfiles or in the user information records. For example, policy-relatedstatistics may be stored in the user information records oruser-specific log files, such as the owners or operators of a systemsuch as 600 or 700, a name of the most recent policy applied for a user,the time that policy settings were last sent to a user's device, and thecurrent status (pending, error, received by device, accepted and appliedon the device) of the most recently sent policy settings.

Occasionally, users may be disabled for redirection of data items from amessage server via the enterprise server 602 but enabled for redirectionusing desktop redirection as shown in FIG. 1. The user still retains amailbox on an Exchange server 601, but redirection is handled by desktopredirection software 12A instead of the enterprise server. Thecorresponding user information record is then updated to identify theuser as a desktop redirector user, and all policy settings are removedfrom the user configuration data.

Policy settings for a user may be read from the enterprise server 602 bya desktop configuration system 27, 29 each time the desktopconfiguration system 27, 29 is started while the desktop computer onwhich it is installed is operating on the LAN 14. Desktop settingsshould be applied and mobile device settings should be formatted,preferably encrypted and possibly compressed, and then sent to theuser's mobile device whenever the device is connected to the desktopcomputer. Although the policy settings are transferred to the device bythe desktop computer using a different mechanism than the over-the-airmechanism used by the enterprise server 602, desktop systems andenterprise servers preferably format the device policy settings data thesame way. This allows a single system or software application on thedevice to process any received device policy settings data, regardlessof whether the data was sent by a desktop system or an enterpriseserver.

If a desktop configuration system such as 27 is launched when thedesktop computer on which it is installed, desktop computer 26 in thisexample, is not connected to the LAN 14, then the desktop configurationsystem has no access to user configuration data and therefore cannotapply any policy settings. However, disconnecting from the network alsopreferably disables mailbox re-direction as well. This ensures that auser cannot circumvent policy settings simply by disconnecting thedesktop computer from the LAN 14.

Since policy settings affect the operation of a mobile device, updatemessages are preferably formatted to provide for the authentication ofsenders. A device is then able to determine whether an update is validand should be applied. New or updated policies are applied only when thesender is authenticated. This may be accomplished, for example, byhaving a sender generate and append a digital signature to an updatemessage. A device is then able to authenticate the sender of a policysettings update message and ensure that the policy settings in theupdate message have not been changed by verifying the digital signature.

A device may also be configured to distinguish policy settings that havebeen sent directly to the device by the desktop computer 26, 28 fromthose forwarded by a third-party or via the enterprise server 602. Thisfeature may be used to enable the device to determine, based on thesender, whether or not received policy settings should be applied, or toestablish priority or rank among policy setting senders. For example,policy settings in an over-the-air update message from an enterpriseserver administrator may replace any policy settings on the device,whereas a device may be configured to replace existing policy settingswith new policy settings in an update message received from a thirdparty only if the existing policy settings were received from the user'sdesktop computer system.

In addition to the policy settings described above, other redirection,desktop and device settings may be specified by the user via the desktopconfiguration system 27, 28 or the mobile device 24 and stored at theuser's desktop computer 26, 28, on the user's device 24, with the userinformation record in a storage location accessible to the enterpriseserver 602, or in more than one of these locations. For example, theuser may specify, using the desktop configuration system 27, 28, asignature block to be appended to messages sent from the mobile device24 through the enterprise server 602. Similarly, user information may beentered using a keyboard or keypad on the mobile device 24. Signatureblock text may be added to a message received at the enterprise server602 from a device 24 before the message is forwarded for delivery to arecipient and may therefore be stored at the enterprise server 602.However, the enterprise server 602 need not necessarily be aware of userjob title information that a user has entered and stored on any device24, such that this information might be stored only on the device 24.Therefore, some configuration settings are controlled via policysettings schemes described above, whereas the user is free toestablished other custom settings.

In addition, certain functions or features may have both policy settingsand user-established settings. For example, a particular devicecommunication feature may be enabled and disabled via a policy setting,whereas settings to control how the feature operates could then beestablished by a user. In this case, both policy settings and usersettings configure the feature, and user settings may only beestablished if the feature is enabled with a policy setting. Thus,settings may be controlled as desired by a redirection system owner oroperator. Any settings which are to be controlled are added as policysettings and loaded onto a desktop system and mobile device. Any or allof these settings may affect redirection operations, desktop systemoperations, and device operations.

Policy settings may include, for example, settings that specify whetherparticular identified software applications or services, oralternatively, whether any software applications or services other thanparticular identified software applications, can be installed andexecuted on a mobile device, whether a security password is required toaccess the mobile device, and whether a user of the mobile device canchange particular configuration settings, such as a security timeoutperiod. Policy settings may also include settings to enable mobiledevice features, such as a long term device timeout, which causes amobile device to perform such operations as disabling communicationfunctions or entirely disabling the mobile device after a period ofinactivity, and password pattern checking, to ensure that a passwordestablished by a user includes a required character sequence, aletter-number sequence, for example, or does not include forbiddensequences or characters.

Configuration settings guidelines or requirements can also be specifiedby policy settings. Settings that specify a maximum password age torequire a user to choose a new password within a certain period of timeafter a current password was established, a maximum security timeoutperiod before a mobile device is locked, a minimum password length, oran owner name and other owner information, could be part of a policysetting.

Although described above primarily in conjunction with an Exchangemessaging system, configuration setting control systems may also beimplemented with further alternative messaging systems, including LotusDomino systems, such as those described in further detail below.

In traditional messaging schemes such as those based on MAPI, amessaging session is conducted between a messaging client and amessaging server over some communication means, which as shown in FIG. 6may involve a network connection between a client 604 and servercomputer 601.

FIG. 8 illustrates an alternative enterprise server architecture. InFIG. 8, functions of the enterprise server are distributed amongdistinct server components, each of which may be running on a dedicatedcomputer. The distributed enterprise server system 902 comprisesmultiple agent sub-systems 912 a-912 c connected to a router sub-system924; the agent and router sub-systems are connected to an administrationsub-system 918 which may include, execute, or access the policygeneration system, as described above. Each of these componentsub-systems is described in greater detail below.

Each agent 912 monitors mailboxes on a specific messaging server 601and, when required, sends new messages to the user's mobile device (notshown) via the router 924 and wireless gateway 20. The agents 912 alsomanage incoming messages that are initiated by the mobile devices. As inthe system 600, there is a one-to-one relation between the number ofMAPI clients and the number of Exchange servers, although each MAPIclient 904 in the distributed enterprise server system 902 isimplemented in a separate agent 912, preferably on a different computerthan all other MAPI clients and agents. Each agent 912 comprises a MAPIclient 904 and a router interface, which may be implemented as aninternal protocol client 914, as shown in FIG. 7. Although there may bemany agents 912 in the system 900, each agent 912 is designed to monitormailboxes on a single Exchange server 601. The one to one relationshipbetween Exchange servers 601 and agents 912 provides for both faulttolerance and scalability, as described below.

If a MAPI session between an Exchange server, 601 a for example, and itscorresponding agent 912 a fails and causes the agent 912 a to block,then any other Exchange servers 601 b and 601 c and agents 912 b and 912c can continue to operate without failure. This provides fault tolerancewith respect to messaging session failure.

The distributed enterprise server architecture shown in FIG. 8 alsofacilitates expansion of enterprise server capacity. When a new Exchangeserver 601 is added, a corresponding agent 912 is added to theenterprise server system 902 to handle the server. Thus, only oneenterprise server system component, instead of an entire enterpriseserver, is required to accommodate new Exchange servers. In the system600, a new enterprise server 602 may to be under-utilized at first, butas further Exchange servers are added, the enterprise server shouldsaturate to capacity. With the distributed enterprise server systemarchitecture shown in FIG. 8, the messaging server load is typicallydistributed between the agents 912. Intercommunication between theagents 912 also provides for load balancing among the agents 912.Messaging server load can thus be distributed among all operable agents912. Each agent 912 may possibly run on a dedicated computer, but ispreferably implemented on the same computer that is operating thecorresponding Exchange server 601.

FIG. 9 is a block diagram of a “site” embodiment of an agent sub-system,wherein the same computer is used for operating the messaging server andcorresponding agent. The enterprise server agent site 1000 comprisesenterprise server agent software 912, which is hosted on an enterpriseserver agent computer sub-system 1002. The agent software 912 embodies arouter interface shown as a client 914 in order to communicate with therouter sub-system 924. The enterprise server agent software furthercomprises MAPI client software 904 communicating with Exchange serversoftware 601 using highly reliable and readily available intra-computercommunication means 1004, instead of network based communication betweentwo computers.

In one alternative embodiment, a “site” might instead be provided byoperating agent software on a messaging server computer instead ofoperating messaging server software on an agent computer as describedabove and shown in FIG. 9. Of these two approaches, the former is moresuitable for implementation in an existing messaging system becauseinstalling agent software on an existing messaging server is simpler andmore cost effective for a customer than replacing the existing messagingservers with new servers running on agent computers. For new messagingsystem installations, either of these approaches may be feasible.

Referring again to FIG. 8, a router protocol is used in communicationsbetween the agents 912, which may for example act as router protocolclients 914, and the router 924, which acts as router protocol server926 a. Like the gateway protocol described above, the router protocolmay also be a proprietary protocol and is used as part of the process ofpassing data between an agent 914 and a mobile device 24 via the router924 and wireless gateway 20.

The router 924 further comprises a wireless gateway interface 928.Similar to the router protocol interface 926 a, the gateway interface928 may also be embodied as a gateway protocol (GP) client. As describedabove, the gateway protocol governing communications between theenterprise server 902 and wireless gateway 20 via WAN 18 is preferably aTCP/IP-based protocol.

In the specific embodiment shown in FIG. 8, the router 924 acts as aclient in order to communicate with wireless gateway 20. The router 924,as a router server, is responsible for communicating with all routerclients in the system 900, and in particular with the agent sub-systems912 and their router client software 914. The router protocol providesan optional confirmation of message reception from a client or a server.The router 924 multiplexes many router protocol sessions from severalagents into a single session using the gateway protocol. The router 924also transfers messages from the agents 912 to the wireless gateway 20via the single gateway protocol client connection to the wirelessgateway 20.

The router 924 maintains a list of in-process transactions and theircurrent state in storage, thereby providing transaction persistence.Once a message is successfully sent to the router 924 and saved to themessage storage 922, it need not need to be re-sent by the agent 912.When the router 924 receives a message from a mobile device 24 throughthe wireless gateway 20, a lookup table 930 is accessed to determinewhich particular agent is handling the mobile device user's desktopsystem. Creation of device/agent correspondence information will bedescribed in further detail below.

Messages destined for mobile devices 24 do not require any lookup andare passed on to the wireless gateway 20. Preferably, mobile device andagent information is extracted from outgoing messages and compared tothe information in the table to ensure that the user database and thedevice/agent lookup table 930 remain synchronized.

The administration sub-system 918 stores administration andconfiguration information in a centralized data store 916. In order toadminister all the routers 924 and agents 912 from one program, anadministration UI 920 is provided, which may be either dialog- orweb-based. The user administration of the enterprise server 902 issubstantially the same as described above in relation to the enterpriseserver 602. The administration UI 920 acts as a client to theadministration sub-system 918, which typically requires Exchangeadministration rights.

In the distributed enterprise server 902, however, the administrationarrangement should be adapted to accommodate the various servercomponents. For example, the distributed enterprise serveradministration system 918 should provide for the addition of new agents912. In the system 600, any new MAPI clients may be integrated with theenterprise server 602. When a new agent is to be added in thedistributed enterprise server system 902, however, various informationrecords should be updated or created and stored. For any new agent 912,an identification of the router 924 to which the agent is to beconnected and the machine or computer on which the agent will run, thename of the agent, the particular Exchange server 601 that the agentshould monitor (typically a new Exchange server) and the network accountunder which the agent will run as a network service should be specifiedby an enterprise server administrator.

The administration system 918 assigns the router ID and anauthentication key to the new agent 912 and generates an agent ID. Theserver domain name for the corresponding Exchange server 601 isretrieved by the administration system 918 through its interface withthe particular Exchange server 601. The new agent 912 is installed onthe computer specified by the administrator and appropriate registrysettings are created. Then, the configuration information used by therouter 924 is updated to add the new agent 912. It should be understood,however, that a more conventional scheme of administering the enterpriseserver 902 through the network and/or Exchange administrationarrangements, although less practical, is also possible.

In the distributed architecture enterprise server system 900, a centralsystem administration scheme is preferred. Since each agent 912 androuter 924 have address, user and configuration information associatedtherewith, and furthermore require access to such information for otherserver system components, a single store for all administrationinformation is particularly desirable. In FIG. 8, the user database 916is the primary store for all administration and configurationinformation, including user administration information as describedabove, agent information, router information and wireless gatewayinformation. The primary database 916 is normally accessible to allenterprise server components through the administration system 918 andappropriate interfaces. Although only one such interface 926 b is shownin FIG. 8, all components requiring access to the user informationdatabase 916 should communicate with the administration sub-system 918.The administration interfaces may also be implemented as clients to oneor more services of the administration sub-system 918.

This central user information storage arrangement is in contrast withthe system 600, in which administration information is preferably storedon the Exchange servers 601. In order to provide some measure of backup,however, additional data stores may be provided for each agent 912and/or the router 924. FIG. 8 shows such a separate store for the router924 as the device/agent lookup table 930. If, for any reason, the router924 cannot access the primary user database 916 through theadministration system 918, then it may access the lookup table 930 todetermine to which agent a message received from a mobile device 24should be forwarded. Similarly, during periods when the primary datastore is inaccessible, the router 924 may extract device and agentinformation from outgoing redirected messages and update the lookuptable 930 to ensure that the lookup table is as accurate as possible.

Although the architecture of the server systems 600 and 900 aredifferent, overall operation of the system 900 is substantially the sameas described above for the system 600. When a user has been properlyadded to the enterprise server system 900, message notifications fromthe Exchange servers 601 are processed to determine whether or not amessage is to be redirected. Any appropriate message filter rules areapplied and when the message is to be redirected to a mobile device, themessage is sent by the corresponding agent 912 to the router 924 forstorage in the router message store 922 and transmission to the mobiledevice 24 through the wireless gateway 20.

The redirection systems described above are adapted to operate inconjunction with messaging systems using Microsoft Exchange. It shouldbe understood, however, that redirection systems are not limited to suchmessaging systems. A further embodiment of a redirection system, asdescribed below, provides a network server-level redirection arrangementgenerally similar to those described above, but adapted for operationwith Lotus Domino servers. Such a redirection system is shown in FIG.10.

The overall structure of the redirection system 1100, shown in FIG. 10includes a messaging server 1101 in a LAN 14, an enterprise server 1102,WAN 18, a wireless gateway 20, communication links 22 including awireless network, and mobile devices 24. The redirection system 1100shown in FIG. 10 is similar to the redirection system shown in FIG. 6,except for differences in the messaging server 1101 and enterpriseserver 1102.

The redirection system 1100 in FIG. 10 represents a further embodimentof the network redirection scheme shown generally in FIG. 2. As in FIG.6, other network components, such as servers and desktop systems, arenot shown in FIG. 10. It should be understood, however, that such othernetwork components are typically included in a typical network such asLAN 14. As also described above, it is assumed in FIG. 10 that E-mail iseither stored at the messaging server 1101 in the network 14 orforwarded to the server 1101 when redirection is initiated.

In the system 1100, network messaging functions in the LAN 14 areprovided using a Lotus Domino server 1101. A client, such as Lotus Notesfor example, enables users (not shown) in the network 14 to access theirE-mail messages, calendar records, tasks and the like from the Dominoserver 1101. Such user clients interface with the Domino server 1101through a Domino Remote Procedure Call (“RPC”) scheme. Unlike theExchange servers 601, the Domino server 1101 supports not only messagingor primarily E-mail clients but also other types of clients through RPC,including, for example, browser clients.

In an RPC scheme, an RPC client sends a procedure call to an RPCservice. The RPC service then executes the procedure and if necessaryreturns a result to the RPC client. In the system 1100, an RPC client1104 on the enterprise server 1102 sends procedure calls to the Dominoserver 1101, which then performs the called procedures. One suchprocedure call would be the polling signal, in response to which theDomino server 1101 returns information relating to polled usermailboxes, as discussed in further detail below.

As shown in FIG. 10, the enterprise server 1102 includes an RPC client1104 as an interface between the enterprise server 1102 and the Dominoserver 1101, and also may include the policy generation system, asdescribed above. Through this RPC client 1104, the enterprise server1102 accesses information stored on the Domino server 1101, therebyenabling redirection of selected information, such as a user's E-mailmessages, from the Domino server 1101 to the user's mobile device 24. Asin the Exchange system described above, the network 14 may includemultiple Domino servers (not shown) in addition to Domino server 1101.In such systems, either multiple enterprise servers are installed toshare message redirection load, or multiple RPC clients are implementedin a single enterprise server 1102. Each enterprise server in a multipleenterprise server installation would preferably be configured to managemessaging traffic for a distinct group of users, normally all users on asingle associated Domino server. The implementation of multiple RPCclients in each of the enterprise servers, however, provides morebalanced and dynamic load sharing by allowing any enterprise server tocommunicate with any Domino server in the network. The operation ofsystem 1100 will be described below for the single Domino server 1101.Operation of a multiple Domino server and multiple enterprise serversystem will be apparent therefrom.

Unlike the Exchange server redirection systems described above, theenterprise server 1102 does not rely on mailbox change notificationsfrom the Domino server 1101. Instead, the enterprise server 1102 mustpoll the Domino server 1101 for new E-mail messages or other data itemsfor redirection. A polling interval or amount of time betweenconsecutive polls of the Domino server 1101 by the enterprise server1102 is preferably configured when a user is added to the enterpriseserver 1102, which effectively enables the user for wireless redirectionof information. Although the polling interval is configurable to suitthe particular network 14 in which Domino server 1101 is operating, adefault or recommended polling interval is preferably 20 seconds.Setting a shorter polling interval potentially provides for a shorterlatency time between the arrival of a new message at the Domino server1101 and its detection by the enterprise server 1102, which therebyprovides for shorter delay between the arrival of the message and itsredirection to a mobile device 24. However, a shorter polling intervalrequires more frequent polling and response signaling between the Dominoserver 1101 and the enterprise server 1102 and increases the time andprocessing resources that the Domino server 1101 must dedicate topolling-related functions. Because a Domino server may support manyadditional messaging and non-messaging functions, the increased time andresource allocations for short-interval polling may be furtherundesirable. A longer polling interval reduces the amount of signalingand related Domino server processing, but may increase the delay betweenmessage arrival at the Domino server 1101 and redirection of the messageby the enterprise server 1102 to a mobile device 24. Selection of apolling interval thereby involves a trade-off between signaling andprocessing constraints and responsiveness or latency between messagearrival and redirection.

Different polling intervals may be set for specific users or a singlepolling interval may be set for all users on an enterprise server 1102.A combined polling interval scheme may also be used in which particularusers or a groups of users, network administrators for example, areconfigured for shorter polling intervals, whereas a longer pollinginterval is set for other users. Such a multiple-interval schemeprovides flexibility within a single installation, effectively allowingdifferent redirection service levels. Users requiring substantiallyreal-time message redirection could be assigned a shorter pollinginterval instead of a normal or default polling interval.

The enterprise server 1102 is preferably integrated with the Dominoserver 1101 and in such a system would therefore operate within thenetwork 14. The Domino server 1101 is typically implemented as a networkfunction or service, for example, running as a network service inWindows NT. It should be understood, however, that Domino servers 1101may instead be implemented on other platforms. Regardless of the networkplatform upon which the Domino server 1101 is running, the interfacesbetween user workstations (not shown) in the LAN 14 and the enterpriseserver 1102 with the Domino server 1101 are implemented with the sameRPC clients. As such, redirection system components at both desktopsystems and the enterprise server 1102 are platform independent.

The enterprise server 1102, through its RPC client 1104, polls theDomino server 1101 to check for new messages in all mailboxes which havebeen enabled for wireless message redirection. The timing of suchpolling is determined by the polling interval, as discussed above. Asingle polling signal may request Domino server mailbox information forall users currently existing on the enterprise server 1102.Alternatively, a distinct polling signal may be used to poll a mailboxfor each user on the enterprise server 1102, such that the enterpriseserver 1102 sends a polling signal to the Domino server 1101 for eachuser in an enterprise server user list. The enterprise server 1102 andthe polling signals it generates may instead be configurable to poll theDomino server 1101 for only certain groups of users. The polling signalsand related response signals may be implemented using programmingthreads in enterprise server software.

In the interest of simplifying polling-related processing at the Dominoserver 1101 and reducing network traffic by limiting the amount ofinformation in a response signal, a selective polling scheme may beimplemented in which mailbox information is requested for only specificusers. In such a polling scheme, a user mailbox is polled or included ina polling signal when redirection for the particular user is currentlyactive. Since normal enterprise server 1102 operations typically requirethat the enterprise server 1102 determine whether a message orinformation is to be redirected to a user's mobile device 24, theselective polling feature can be provided with little or no additionalprocessing by the enterprise server 1102. Alternatively, where theenterprise server 1102 is integrated with the Domino server 1101, adetermination of whether or not redirection is currently active for aparticular user, or analogously for which users redirection is currentlyactive, can be made by the Domino server 1101. In such systems, when theDomino server 1101 is polled by the enterprise server 1102, the Dominoserver 1101 includes in its response signal information for allmailboxes for which redirection is currently active.

Depending upon the particular polling and response scheme implemented,when the enterprise server 1102 receives a response signal from theDomino server 1101, it may determine whether redirection is active forany mailboxes in which new messages have been received. In systems inwhich such a determination is made by the enterprise server 1102 beforeit polls the Domino server 1101, or by the Domino server 1101 before itgenerates a response to the poll, the enterprise server 1102 preferablydoes not repeat the redirection status determination. If redirection isnot active for an existing enterprise server user when the Domino server1101 is to be polled, then any response information provided to theenterprise server 1102 by the Domino server 1101 relating to that userwould not be used for redirection functions. Such information might beused for compiling statistics or the like, but since redirection is notcurrently active, the enterprise server 1102 could simply ignore theresponse information for such users. When a new message arrives at awirelessly-enabled mailbox for which redirection is currently active,however, the enterprise server 1102 redirects the new message to theuser's mobile device 24.

In network redirection systems for Lotus Domino messaging servers, theenterprise server 1102 is preferably integrated with the messagingserver 1101. This integration may possibly be accomplished byimplementing the enterprise server 1102 as a task running on the Dominoserver 1101. Administration functions for the enterprise server 1102 insuch systems may then be integrated with Domino server administrativearrangements. When a user's existing mailbox is to be enabled forredirection, a Domino server administrator adds the user to theenterprise server 1102 using an enterprise server administration utilityinstalled on a computer from which Domino server administrationfunctions can be performed. For a new user, the Domino serveradministrator may add the user's mailbox on the Domino server 1101 andalso add the user to the enterprise server 1102.

As described above for the Exchange server system 600, integratedenterprise server 1102/Domino server 1101 administration also has theassociated disadvantage that simply enabling an existing user's mailboxfor wireless redirection of messages by adding the user to theenterprise server 1102 requires intervention by either a Domino serveradministrator or an enterprise server administrator with Domino serverExchange administration permission or privileges. Domino serveradministrators should therefore be familiar with both the Domino server1101 and enterprise server 1102, or enterprise server administratorsshould have full Domino server administration permissions. As such,either Domino server administrators' workloads are increased, or controlof network administration functions should be relaxed. In many networksor organizations, neither of these options would be a desirablealternative.

In the Domino server system 1100, enterprise server administration maybe accomplished through an administration service and clientarrangement. This arrangement, shown in FIG. 11, is similar to thesystem in FIG. 7 and operates substantially as described above. The useradministration service 1204, similar to service 702, should be installedand executed in the background on the Domino server 1101 or on acomputer which can communicate with the Domino server 1101 and hasDomino server administration rights. The enterprise serveradministration client 1202 is similarly installed on a computer in thenetwork 14 and communicates with the service to perform enterpriseserver administration functions.

Enterprise server user administration through the client 1202 andservice 1204 proceeds substantially as described above for the client704 and service 702 in FIG. 7, except that the client 1202 and service1204 are preferably implemented using RPC. Where more than one Dominoserver is installed in the network, the service 1204 preferablycommunicates with and is able to administer all of the Domino servers.

The service 1204 should be running on a computer or under a networkaccount having Domino server administration permissions, whereas theclient 1202 may be installed on virtually any computer that cancommunicate with the computer on which the service 1204 is runningAdministration functions are thus provided through the client 1202,which does not require Domino server administration privileges orpermissions, even though the administration functions for the enterpriseserver 1102 remain integrated with Domino administration. The service1204 performs the enterprise server administration tasks requested bythe client 1202 through Domino server administration arrangements.

As in the Exchange system, the Domino system client-service enterpriseserver administration arrangement provides for flexibility in assignmentof Domino server administration rights to enterprise serveradministrators. The service 1204, like the service 702, is preferablyconfigured to provide for common enterprise server administrationfunctions such as adding users to an enterprise server, deleting usersfrom an enterprise server, listing all users on an enterprise server,and verifying that a particular user exists on a particular enterpriseserver. Even though the service 702 may have full Domino serveradministration rights, it may be configured to provide only specificenterprise server administration functions to the client 1202. After theservice software 702 has been installed and is running, any selectedenterprise server administration tasks may thus be made availablethrough the client 1202 to avoid the necessity for intervention byDomino server administrators.

The enterprise server administration functions described above are alsocontemplated for the client-service arrangement in a Domino servermessaging system. An existing Domino server mailbox is enabled forredirection to a mobile device through an add user administrationprocess by the client 1202. Before a new user may be added on theenterprise server 1102 via the client 1202, a mailbox for the new usermust first be added to the Domino server 1101. In response to an adduser request from the client 1202, the service 1204 creates a userinformation record, either on the Domino server 1101 or in the datastore 1108 associated with the enterprise server 1102, including userinformation such as a user name, a mailbox name and a mobile deviceidentifier.

A “delete user” administration function may delete or overwrite a userinformation record to thereby effectively disable one or more Dominoserver mailboxes with respect to wireless redirection. Enterprise serveruser list and verify administrative functions may also be performed bythe Domino server system client 1202 and service 1204. The user recordsthat are accessed are stored on either the Domino server 1101 or theenterprise server data store 1108.

The “add user,” “delete user,” “list users” and “verify user”administration functions are common enterprise server administrationfunctions which would likely be executed relatively frequently andtherefore should be performed through a client 1202 and service 1204.However, these particular functions are for illustrative purposes only.Further or different enterprise server user administration functionscould be performed through a client-service or other type of enterpriseserver administration arrangement.

As in the Exchange system above, the client component 1202 of theenterprise server administration arrangement in a Domino server systemcan be installed and run on any computer in the network that cancommunicate with a computer that is running the service component 1204.The service 1204 should only be executed by a user with Domino serveradministration rights or on a computer running under an account withDomino server administration rights. The client component 1202 requiresno such administration rights and thus can be either made accessible toany users or restricted to any particular users or enterprise serveradministrators. Restricted client arrangements maintain more controlover enterprise server administration, whereas unrestricted user accessto the client 1202 or at least specific client functions provides forremote administration of an enterprise server. For example, the client1202 could be installed at a desktop computer in the network from whichmessages are to be redirected. Every user could then run the clientprogram to perform some or all of the supported enterprise serveradministration functions. An add user or other administration procedurecould also be executed automatically, the first time a user connects amobile device to the desktop system for example.

The client 1202 may be implemented as a command line utility.Administration functions supported by the client are then invoked byentering a command according to a predetermined syntax. Formultiple-user administration functions, a list of users or a filenamefor a file containing such a list could be specified in the command. Aweb-based interface, GUI or automated scripts may also possibly be usedto implement the client 1202.

The function of adding a user to the enterprise server 1102 effectivelyenables the user's mailbox for redirection. Similarly, deleting a userfrom the enterprise server 1102 disables message redirection. Asdescribed above, each mobile device 24 has a unique PIN, which isassociated with a user's mailbox when the user is added to theenterprise server 1102. The user information stored when the user isadded to the enterprise server 1102 therefore includes the particularPIN for the user's mobile device 24 and possibly the user name, mailboxname, E-mail address or other information which identifies the user ormailbox from which redirection is enabled.

The enterprise server 1102 also preferably stores an indication of thecurrent redirection status of the user's mailbox. This status indicatormay be substantially as described above for an Exchange messaging systemuser, including at least the latest redirection status, i.e. “running”or “disabled”, and such other status information as for example the nameof the enterprise server 1102 through which messages for the user areredirected, statistical information relating to the number of messagessent to or from the mobile device, the number of messages pending to themobile device, the number of messages that have expired before beingsent to the mobile device, the number of messages not sent to the mobiledevice in accordance with filtering rules as described below, the timesthat messages were last sent to or received from the mobile device, thetime of last contact with the mobile device, the result of the mostrecent transaction involving the mobile device, and the like.

As in the Exchange server redirection systems described above,redirection software 12B runs on an enterprise server and controlsmessage redirection for the entire network 14, while a desktop softwarecomponent allows users to set individual redirection propertiesaccording to personal preferences. When a user has been added to theenterprise server 1102, the desktop software is executed to establishuser settings, such as whether or not messages are to be redirected tothe mobile device 24 when the mobile device is connected to the desktopcomputer, filter rules such as the above preferred sender list,redirection triggers, and other redirection preferences. Furthermessaging settings not directly affecting message redirection may alsobe specified using the desktop software, including for example asignature block to be added at the end of messages sent from the mobiledevice, whether or not messages sent from the mobile device should bestored to a message folder on the desktop system, and how the mobiledevice and desktop system should be synchronized when connected. Usersettings, particularly redirection settings, are preferably stored withthe user information in a storage location accessible to the enterpriseserver 1102. Although global or common redirection properties may takeprecedence over user settings, the enterprise server 1102 controlsredirection in accordance with the user settings whenever appropriate.Policy settings may also be established by an administrator of theenterprise server 1102 and applied for any user or group of users,substantially as described above.

Although the system 1100 is adapted for operation in conjunction with aLotus Domino messaging system, operation of the enterprise server 1102is substantially similar to that of the enterprise server 602 describedabove. When a redirection trigger occurs at the desktop system, or inthe network 14 in the case of a network trigger event, the enterpriseserver 1102 detects the trigger and sets the redirection statusindicator to reflect an active redirection status for the user andcorresponding mailbox. Similarly, whenever message redirection is to bestopped, in response to a control message or connection of the mobiledevice to the desktop system for example, the redirection statusindicator is set to reflect an inactive redirection state. Theenterprise server 1102 can thereby determine the user's redirectionstatus by accessing appropriate entries in the stored user informationrecords. The enterprise server 1102 may support more than one activestate indicator and more than one inactive state indicator, in order toprovide for different types or classes of active and inactiveredirection. For example, different inactive status indications could beassigned to allow a user or network administrator to determine whyredirection is not currently active.

When the enterprise server 1102 determines a new message has arrived ata mailbox and that redirection is active for the particular user andmailbox, global filter rules are applied to the received message. Thefilter rules may check any fields in a message to determine if any orall of a variety of conditions are satisfied. As in the Exchangeredirection system, these filter rules may either prevent a message frombeing redirected to a mobile device or cause the message to beredirected. Network administrators may establish a global filter rule toprevent redirection of virus messages for example. Another global filterrule might ensure that all messages from network administrators areredirected to all mobile devices associated with mailboxes having anactive redirection status, regardless of any other filter rules, such asuser filter rules. If the message passes through global filter rules,the enterprise server 1102 then applies any user-configured filter rulesto the message. Thus, global filter rules, established by systemadministrators, take precedence.

If a message passes through all of the filters, it is preferablycompressed and encrypted and then repackaged and forwarded to the mobiledevice 24 as discussed above. The message, or a part of the message, mayalso be copied to the storage medium 1108, such that the enterpriseserver 1102 need not access the messaging server 1101 to complete itsmessage redirection operations. For example, only the first 2 kilobytes(2 k) of any long message may be copied to the data store 1108 andforwarded to the mobile device 24. The remainder of such messages maythen be requested by the user of the mobile device 24, and theenterprise server 1102 accesses the remainder of the message on theDomino server 1101 and forwards further 2 k blocks for example, to themobile device 24.

The enterprise server 1102 repackages the compressed and encryptedmessage into an appropriate wrapper for transmission through theinterface 1106 over WAN 18 to the wireless gateway 20 in accordance witha gateway protocol. The interface 1106 could be implemented as a gatewayprotocol client associated with a service implemented in the wirelessgateway 20. The gateway protocol in FIG. 10 is preferably the sameprotocol described above in conjunction with FIGS. 6 and 8. Even thoughthe enterprise server 1102 operates with a Lotus Domino messaging systeminstead of the above Exchange system, the connections between theenterprise servers 602, 902, 1102 and the wireless gateway 20 preferablyconform to the same gateway protocol. This common protocol allows asingle wireless gateway 20 to provide routing of redirected informationor data items to mobile devices 24 from different enterprise servers,each of which may be operating with different messaging server systems,which in turn may be implemented on any of a plurality of networkplatforms.

As described above, the enterprise server 1102 provides end-to-endsecurity for information redirected from the network 14 to mobiledevices 24. The enterprise server 1102 preferably compresses messages tobe redirected, encrypts the messages using a unique encryption keyshared with the destination mobile device 24 and a cipher algorithm suchas triple-DES, and sends the message through the WAN 18 and the wirelessgateway 20 to the mobile device 24. Encrypted messages are decryptedonly at the destination mobile device 24. Not even the service provideroperating the wireless gateway has access to a clear version ofencrypted redirected messages or information. Messages sent from mobiledevices 24 are similarly decrypted only at the enterprise server 1102,decompressed if necessary, and then forwarded to the Domino server 1101.If the addressee or recipient is within the network 14, the message isdelivered directly to the recipient's mailbox. Where a recipient isoutside the network 14, the message is forwarded by the Domino server1101 through a further server (not shown) such as an SMTP server in thenetwork 14.

The integrity of the firewall 1110 and thus the protection of thenetwork 14 from unauthorized access is maintained in the system 1100 byinitiation of the connection of the enterprise server 1102 to the WAN 18and wireless gateway 20 in an outbound direction. As in the Exchangeredirection systems described above, this connection between theenterprise server 1102 and the wireless gateway 20 is kept open, suchthat mobile devices 24 in a Lotus Domino redirection system such asshown in FIG. 10 remain “always on, always connected”.

As described briefly above, redirection functionality for a network withmultiple Domino servers such as 1101 could be enabled by a singleenterprise server such as 1102 having multiple RPC clients, one clientper Domino server. However, the RPC clients and the single enterpriseserver 1102 in such a system would be prone to enterprise serverblocking. An interruption in communication between any one RPC clientand an associated Domino server may potentially cause the enterpriseserver 1102 to block, thereby affecting all other RPC clients on theenterprise server 1102 and halting all redirection operations. Inaddition, a single enterprise server 1102 may accommodate many users,but has some maximum capacity which limits the number of RPC clientsthat may be implemented. If network requirements approach this capacity,in a very large corporate network for example, quality and reliabilityof service tend to decline.

Both these problems may be alleviated to some degree by providing morethan one enterprise server for a network. Such a solution would likelybe feasible to provide required additional capacity, although thesubstantially higher costs relative to simply adding further RPC clientseach time an additional Domino server is installed might not bejustifiable when blocking is the primary concern. Furthermore, networkshaving multiple enterprise servers require multiple connections throughthe corporate firewall over WAN 18, and thus further complicate networktopology. Such multiple enterprise server systems may also necessitateuser transfers between enterprise servers when a user changes worklocations in a corporate network, such that new routing information mustbe obtained. Central administration of systems with multiple enterpriseservers presents a further challenge.

The Domino system, like the Exchange system above, is also suited toimplementation as a distributed architecture as shown in FIG. 12. TheDomino system 1300 in FIG. 12 is similar to the Exchange system 900 inFIG. 8, in that functions of the enterprise server are distributed amongdistinct server components, each of which may be running on a dedicatedcomputer. The distributed enterprise server system 1302 has agentsub-systems 1312 a-1312 c connected to a router sub-system 1324, and anadministration sub-system 1318 connected to both the agent and routersub-systems.

Each of the sub-systems in FIG. 12 has been described in detail above inconjunction with FIG. 8. Although the enterprise server system 1302 isadapted for operation with Domino servers 1101 instead of the Exchangeservers 601 in FIG. 8, the various sub-systems in the enterprise serversystem 1302 operate substantially as described above. The Domino servers1101 a,b,c and all associated interfaces, including the clients 1304 a,b, c and the interfaces to the administration sub-system 1318, arepreferably based on RPC instead of MAPI (for the Exchange system), butthe enterprise server system 1302 is otherwise virtually the same as theenterprise server system 902.

Each agent 1312, as described in detail above, monitors mailboxes on aspecific Domino server 1301 and sends new messages to associated mobiledevices (not shown) via the router 1324 and wireless gateway 20, andalso manages incoming messages sent from the mobile devices. In theDomino enterprise server system 1302, the mailbox monitoring isaccomplished by polling the Domino servers 1101. An agent 1312, runningon a computer on which no other agents are installed, is preferablyimplemented for each Domino server 1101 and is preferably designed tomonitor mailboxes on a single Domino server 1301.

The one to one relationship between Domino server s 1301 and agents 1312provides for both fault tolerance and scalability. If communicationsbetween an RPC client, 1304 a for example, and its corresponding agent1312 a fails and causes the agent 1312 a to block, any other Dominoservers 1301 b and 1301 c and agents 1312 b and 1312 c can continue tooperate. The distributed enterprise server system 1302 also facilitatesexpansion of enterprise server capacity, as described above. When a newDomino server 1301 is added, only a corresponding agent 1312 must beadded to the enterprise server system 1302. Thus only one server systemcomponent, not an entire enterprise server, is required to accommodatenew Domino servers. As described above, each agent 1312 may beintegrated with the Domino server to form a site, similar to the siteshown in FIG. 9. In a Domino server system however, internal sitecommunications between the Domino server and the agent would be throughRPC, with an RPC client and server, instead of MAPI.

Each agent 1312 comprises an RPC client 1304 and a router interfacewhich, as in the system 900, may be implemented as an internal protocolclient 1314. This internal protocol is preferably the same, regardlessof the type of messaging servers with which an enterprise serveroperates. Similarly, the gateway protocol (GP) governing communicationsbetween the enterprise server 1302 and wireless gateway 20 via WAN 18 ispreferably common to all enterprise server implementations and thereforeis also messaging server- and platform-independent.

The administration sub-system 1318 preferably stores administration andconfiguration information in a centralized data store 1316, and mayexecute the policy generation system, as described above. A dialog- orweb-based administration UI 1320 provides for central administration ofall the routers 1324 and agents 1312 from one program. Actual useradministration of enterprise server 1302 is substantially the same asdescribed above, in that the administration UI 1320 acts as a client tothe administration sub-system 1318, which requires Domino serveradministration rights.

In the distributed enterprise server system 1302, however, theadministration sub-system 1318 should also be adapted to accommodate thevarious server system components. For example, the administrationsub-system 1318 should provide for addition of new agents 1312. When anew agent 1312 is to be added, various information records, whichinclude at least an identification of the router 1324 to which the agentis to be connected and the machine or computer on which the agent willrun, the name of the agent, the particular Domino server 1301 that theagent monitors and the network account under which the agent will run asa network service, must be updated or created and stored.

The administration system 1318 assigns the router ID and anauthentication key to the new agent 1312 and generates an agent ID. Theserver domain name for the corresponding Domino server 1301 is thenretrieved by the administration system 1318 through its interface,preferably using Domino RPC, with the particular Domino server 1301. Thenew agent 1312 will then be installed on the computer specified by theadministrator and appropriate registry settings will be created. Thefinal step in adding a new agent 1312 is updating configurationinformation used by the router 1324. A more conventional scheme ofadministering the enterprise server 1302 through the network and/orDomino server administration arrangements, although less practical forthe distributed system 1300, is also possible.

In the distributed architecture enterprise server system 1300, a centralsystem administration scheme is preferred, as described above. A singledatabase in a storage device 1316 can then be used to store alladministration information. All administration and configurationinformation, including user administration information as describedabove, agent information, router information and wireless gatewayinformation is thereby made accessible to all enterprise servercomponents from a single location, through the administration system1318 and appropriate interfaces. Although only one such interface 1326 bis shown in FIG. 12, all components requiring access to the userinformation database 1316 should communicate with the administrationsub-system 1318. The protocol used for internal enterprise serverinterfaces between the administration sub-system 1318 and the agents1312 and router 1324, like the router protocol and the gateway protocol,is preferably messaging server- and platform-independent. The interfacebetween the enterprise server administration sub-system 918 and theDomino servers 1101 is therefore the only server-dependentadministration interface.

At least some of the administration information is preferably alsostored in additional separate data stores provided for each enterpriseserver sub-system. The lookup table 1330 is one such separate store forthe router 1324 and allows the router 1324 to determine to which agent amessage received from a mobile device 24 should be forwarded, if for anyreason the router 1324 cannot access the primary user database 1316through the administration system 1318. In any such time periods duringwhich the primary data store 1316 is inaccessible, the router 1324preferably extract device and agent information from outgoing redirectedmessages to update the lookup table 1330. Similar arrangements could beimplemented for backup data stores (not shown) for the agents 1312.

Overall operation of the system 1300 is substantially the same asdescribed above. When a user has been properly added to the enterpriseserver system 1302, polling response signals from the Domino servers1301 are processed to determine whether or not a new message is to beredirected. All applicable global and user filter rules are applied and,if appropriate based on the filter rules, the message or at least aportion thereof is sent by the corresponding agent 1312 to the router1324. The router 1324 then stores the message, or a portion such as thefirst 2 k of the message, in the router message store 1322. The entirestored message or portion of the message is then compressed, possiblyencrypted, repackaged, and then transmission to the mobile device 24through the wireless gateway 20.

The versatility of enterprise server systems as described herein will beparticularly apparent from a comparison between the distributed systems900 and 1300. As described above, the agents 912/1312 should be adaptedto monitor and communicate with the particular messaging system in thenetwork 14. Agent operations and all other agent interfaces are commonfor all messaging systems. Inter-agent communication interfaces, agentto router interfaces and agent to administration sub-system interfacesare preferably independent of the network messaging system. Theadministration sub-system is also substantially independent of themessaging system, except for its interface with the messaging serversand perhaps administration command and information formats. At therouter 924/1324, communications with the agents preferably use a routerprotocol, communications with the administration sub-system ispreferably messaging system independent except with respect toinformation formats for example, and the gateway protocol is alsoindependent of the network messaging system. Thus, the basic enterpriseserver system including agents, an administration sub-system and arouter sub-system can therefore be adapted provide data item or messageredirection for networks using messaging systems other than MicrosoftExchange and Lotus Domino. In a similar manner, the systems 600 and 1100are also adaptable for further messaging systems.

The embodiments described herein are examples of structures, systems ormethods having elements corresponding to the elements of the inventionrecited in the claims. This written description may enable those skilledin the art to make and use embodiments having alternative elements thatlikewise correspond to the elements of the invention recited in theclaims. The intended scope of the invention thus includes otherstructures, systems or methods that do not differ from the literallanguage of the claims, and further includes other structures, systemsor methods with insubstantial differences form the literal language ofthe claims.

For example, although described above primarily in the context of asystem, those skilled in the art will appreciate that methods ofconfiguration settings control are embodied in each system. FIG. 13 is aflow chart showing a method of controlling a configuration setting of amobile data communication device. In FIG. 13, the method begins with thestep 1402 of receiving a policy setting for a mobile data communicationdevice. At step 1404, an update message that corresponds to the policysetting is generated. The update message is then transmitted through awireless network to the mobile device. When the update message isreceived at the mobile device, after some time delay associated with thewireless network and possibly an update message queuing strategy, theupdate message is processed and a device configuration that controls oneor more functions of the mobile device is modified to include the policysetting. As described above, policy settings might not always requiremodification of a device configuration, where current configurationsettings satisfy policy settings received at the mobile device. Where apolicy setting is to be applied to a group of mobile devices, the updatemessage generated at step 1404 is sent to each mobile device in thegroup at step 1406, and received and processed by each such mobiledevice at steps 1408 and 1410.

Also, redirection functionality may be provided not only for messages ina network, but also for other data items, including but not limited totasks or task lists, calendar events such as appointments andappointment requests, address book or contact information and similardata items relating to common messaging system features. Particularly innetworks using Domino servers, many non-messaging data items could alsobe redirected. Messaging is but one feature supported by Domino servers.Any documents, databases, information downloaded by Domino serverbrowser clients and the like may also be redirected to a user's mobiledevice.

In addition, the use of common internal enterprise server systemprotocols facilitates migration of enterprise server features for anyparticular network messaging system or platform to any other networkmessaging system or platform.

1. A wireless mobile communication device comprising: a processingsystem; a memory device; and software stored on the memory device andexecutable by the processing system to: receive a policy setting;authenticate a sender of the received policy; and automatically applythe policy setting on the communication device based on a successfulauthentication of the sender; wherein the software is further configuredto rank senders of policy settings, so that a policy setting receivedfrom a higher ranked sender will replace a policy setting received froma lower ranked sender whereas a policy setting received from a lowerranked sender will not replace a policy setting received from a higherranked sender.
 2. The communication device of claim 1 wherein anenterprise server administrator sending a policy setting is rankedhigher than a third party sending a policy setting.
 3. The communicationdevice of claim 2 wherein enterprise server administrators are rankedhighest, such that a policy setting received over-the-air from anenterprise server administrator will replace any policy setting on thedevice.
 4. The communication device of claim 2 wherein third partysenders are ranked higher than desktop computer system senders, suchthat a policy setting received from a third party will replace only apolicy setting received from a desktop computer system.
 5. Thecommunication device of claim 1 wherein the policy setting includes asetting selected from the group consisting of: a setting that specifieswhether particular software applications or services can be installedand executed on the mobile data communication device, a setting thatspecifies whether a security password is required to access the mobiledata communication device, a setting that specifies whether a user ofthe mobile data communication device can change the deviceconfiguration, a setting that enables a long term mobile datacommunication device timeout, a setting that enables mobile datacommunication device security password pattern checking, a setting thatspecifies a maximum mobile data communication device security passwordage, a setting that specifies a maximum security timeout period for themobile data communication device, a setting that specifies a minimumlength of a mobile data communication device security password, and asetting that specifies mobile data communication device ownerinformation.
 6. The communication device of claim 1 wherein the policysetting is received in the form of a data block structured in atag/value format.
 7. The communication device of claim 1 wherein policysetting is received attached to an email message.
 8. The communicationdevice of claim 7 wherein the email message includes a digitalsignature.
 9. The communication device of claim 1 wherein the policysetting is received over-the-air from a server.
 10. The communicationdevice of claim 1 wherein the policy setting is received through aserial port from a desktop computer.
 11. The communication device ofclaim 1 wherein the software is configured such that: if thecommunication device has no previous policy settings, then the softwarecreates a new configuration information entry for the received policysetting; and if the communication device has a previous policy setting,then the software replaces the existing policy setting with the receivedsetting.
 12. The communication device of claim 1 further comprising aquery interface that allows software applications from third partydevelopers to query the received policy settings.
 13. The communicationdevice of claim 1 further comprising a display screen configured todisplay a text message that was composed by an enterprise serveradministrator and included with the received policy setting, the textmessage indicating that the policy setting has been updated and thereason for the received policy setting.
 14. The communication device ofclaim 1 wherein the authentication is by verifying a digital signatureaccompanying the received policy setting.
 15. The communication deviceof claim 1 further comprising a feature that has both a policy settingand a user-established setting, such that the feature may be enabled anddisabled via a policy setting, whereas a setting to control how thefeature operates is established by a user of the device, and the usersetting may be established only if the feature is enabled with thepolicy setting.
 16. A method performed by a wireless mobilecommunication device, comprising: ranking senders of policy settings, sothat a policy setting received from a higher ranked sender will replacea policy setting received from a lower ranked sender, whereas a policysetting received from a lower ranked sender will not replace a policysetting received from a higher ranked sender; receiving a policy settingthat is configured to replace a previously received and applied policysetting; if a sender of the received policy setting is of higher rankthan a sender of the previously received and applied policy setting,then: authenticating the sender of the currently received policy; andautomatically replacing the previously received and applied policysetting with the currently received policy setting upon successfulauthentication of the sender; and if the sender of the currentlyreceived policy setting is of lower rank than the sender of thepreviously received and applied policy setting, then refraining fromapplying the currently received policy setting.
 17. The method of claim16 wherein the mobile communication device is disabled for redirectionof data items from a message server via an enterprise server but isenabled for redirection using desktop redirection.
 18. The method ofclaim 16 further comprising: enabling or disabling a feature of thecommunication device based on the policy setting; establishing a settingto control how the feature operates based on input from a user of thecommunication device, only if the feature is enabled with the policysetting.
 19. The method of claim 16 wherein the policy setting includesa setting selected from the group consisting of: a setting thatspecifies whether particular software applications or services can beinstalled and executed on the communication device, a setting thatspecifies whether a security password is required to access thecommunication device, a setting that specifies whether a user of thecommunication device can change the device configuration, a setting thatenables a long term communication device timeout, a setting that enablescommunication device security password pattern checking, a setting thatspecifies a maximum communication device security password age, asetting that specifies a maximum security timeout period for thecommunication device, a setting that specifies a minimum length of acommunication device security password, and a setting that specifiescommunication device owner information.